--=__PartBD8C6554.0__=--
=========================================================================
Date: Mon, 22 Oct 2012 14:27:28 +0000
Reply-To: Discussion list for Shibboleth developments
<[log in to unmask]>
Sender: Discussion list for Shibboleth developments
<[log in to unmask]>
From: caleb racey <[log in to unmask]>
Subject: Re: Kerberos to Shibboleth single signon
In-Reply-To: <[log in to unmask]>
Content-Type: multipart/related;
boundary="_004_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_";
type="multipart/alternative"
MIME-Version: 1.0
Message-ID: <[log in to unmask]>
--_004_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_
Content-Type: multipart/alternative;
boundary="_000_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_"
--_000_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
VGhlIGRvY3VtZW50IHNpbW9uIHBvaW50ZWQgYXQgeW91IGlzIGEgZ29vZCAgZmlyc3Qgc3RlcCB0
byBnZXR0aW5nIEtlcmJlcm9zIHRvIHdvcmsuICBUZXN0aW5nIHdpdGggbW9kX2F1dGhfa2VyYiBv
biBpdOKAmXMgb3duIGlzIGEgZ29vZCB3YXkgb2YgY2hlY2tpbmcgeW91ciBLZXJiZXJvcyBjb25m
aWcgIHdvcmtzIGJlZm9yZSB5b3UgbG9vayBhdCBzZXR0aW5nIHVwIHRoZSBzaGliYm9sZXRoIGtl
cmViZXJvIGxvZ2luIGhhbmRsZXIuICAgSW4gcHJvZHVjdGlvbnMgd2UgZG9u4oCZdCB1c2UgbW9k
IGF1dGgga2VyYiB3ZSB1c2UgdGhlIHNoaWJib2xldGggS2VyYmVyb3MgbG9naW4gaGFuZGxlciB0
aGF0IHRoZSBmb2xrcyBvdmVyIGluIHRoZSBzd2lzcyBzd2l0Y2ggZmVkZXJhdGlvbiBidWlsdC4g
ICBUaGUgcHJvYmxlbSB3aXRoIG1vZF9hdXRoX2tlcmIgaXMgIHRoZSBmYWlsb3ZlciBiZWhhdmlv
dXIgd2hlcmUgaXMgcG9wcyB1cCB0aGUgZ3JleSBiYWNpIGF1dGggYm94IHJhdGhlciB0aGFuIGZv
cm1zIGJhc2VkIGxvZ2luIChkZXBlbmRzIG9uIHdoaWNoIGJyb3dzZXIgaXMgYmVpbmcgdXNlZCku
ICAgV2UgaGF2ZSBtYW5hZ2VkIHRvIGdldCB3b3JrIGFyb3VuZHMgZm9yIHRoaXMgYW5kIGhhdmUg
c2hpYmJvbGV0aCB3aXRoIGtlcmViZXJvcyBiYXNlZCDigJx0cnVlIHNpbmdsZSBzaWduIG9u4oCd
IHdvcmtpbmcgYW5kIGluIHByb2R1Y3Rpb24uDQpXZSBhcmUgIGhhcHB5IHRvIHNoYXJlIGRldGFp
bHMgb2Ygb3VyIHNldHVwIGlmIHlvdSBhcmUgaW50ZXJlc3RlZA0KQ2hlZXJzDQpDYWwNCg0KQ2Fs
ZWIgUmFjZXkNClN5c3RlbXMgYXJjaGl0ZWN0dXJlIG1hbmFnZXIgJiBwcm9qZWN0IG1hbmFnZXIg
Z2Zpdm8NCk5ld2Nhc3RsZSBVbml2ZXJzaXR5DQoNCg0KDQoNCkZyb206IERpc2N1c3Npb24gbGlz
dCBmb3IgU2hpYmJvbGV0aCBkZXZlbG9wbWVudHMgW21haWx0bzpKSVNDLVNISUJCT0xFVEhASklT
Q01BSUwuQUMuVUtdIE9uIEJlaGFsZiBPZiBTaW1vbiBQYWxtZXINClNlbnQ6IDIyIE9jdG9iZXIg
MjAxMiAxNToxMg0KVG86IEpJU0MtU0hJQkJPTEVUSEBKSVNDTUFJTC5BQy5VSw0KU3ViamVjdDog
UmU6IEtlcmJlcm9zIHRvIFNoaWJib2xldGggc2luZ2xlIHNpZ25vbg0KDQpIaSBEYXZpZCwNCk5v
LCBJJ20gbm90IGRvaW5nIHRoaXMsIGJ1dCBoZXJlIGlzIHdoYXQgTmV3Y2FzdGxlIFVuaSBkaWQ6
DQpodHRwOi8vZ2Zpdm8ubmNsLmFjLnVrL2RvY3VtZW50cy9Vc2luZ0tlcmJlcm9zdGlja2V0c2Zv
cnRydWVTaW5nbGVTaWduT24ucGRmDQpmeWksIGlmIHlvdSBjYW4gZG8gc2ltaWxhcjoNCldlIGFj
aGlldmUgZGVza3RvcCBTU08gYmVjYXVzZSBvdXIgaWRwJ3MgbG9naW4gcGFnZSBpcyAicHJvdGVj
dGVkIiAoU1NPJ2QpIHVzaW5nIE5ldElRIEFjY2VzcyBNYW5hZ2VyIChPdXIgaW5zdGl0dXRpb24n
cyByZXZlcnNlIHByb3h5LCBMQiwgc3NsIG9mZmxvYWQsIFNTTyBzeXN0ZW0pLg0KDQoNCg0KDQpT
aW1vbiBQYWxtZXINCkhlYWQgb2YgRGV2ZWxvcG1lbnQNCg0KQ29sZWdzaXJnw6JyDQoNCmUtbWFp
bDogc2ltb24ucGFsbWVyQGNvbGVnc2lyZ2FyLmFjLnVrPG1haWx0bzpzaW1vbi5wYWxtZXJAY29s
ZWdzaXJnYXIuYWMudWs+DQp0ZWw6IDAxNTU0IDc0ODA4OA0Kd3d3LmNvbGVnc2lyZ2FyLmFjLnVr
PGh0dHA6Ly93d3cuY29sZWdzaXJnYXIuYWMudWsvPg0KPj4+IERhdmlkIFBlcnJ5IDxEUGVycnlA
SFVMTC1DT0xMRUdFLkFDLlVLPG1haWx0bzpEUGVycnlASFVMTC1DT0xMRUdFLkFDLlVLPj4gMjIv
MTAvMjAxMiAxNDozNSA+Pj4NCkhpIGFsbA0KDQpEb2VzIGFueW9uZSBoYXZlIGFueSBleHBlcmll
bmNlIGRlcGxveWluZyB0aGlzPyBPbnRvIGEgbGludXggKFNMRVMgMTAgU1A0KSBJZFAuIEkndmUg
aW5zdGFsbGVkIHRoZSBLZXJiZXJvcyBjbGllbnQgc3R1ZmYgKEkgKnRoaW5rKiAtIGdvdCBrcmI1
LCBrcmI1LTMyYml0LCBrcmI1LWNsaWVudCwgeWFzdDIta2VyYmVyb3MtY2xpZW50IHBhY2tnZXMg
aW5zdGFsbGVkKSwgYnV0IG1vZF9hdXRoX2tlcmIgZm9yIEFwYWNoZSB3b24ndCBidWlsZCAtIGl0
J3MgY29tcGxhaW5pbmcgbm8gS2VyYmVyb3MgZW52aXJvbm1lbnQgaXMgc2V0dXAgeWV0LCBwcm9i
YWJseSBiZWNhdXNlIHVudGlsIElUIGZpZ3VyZSBvdXQgd2hhdCBLZXJiZXJvcyBwb3J0cyBhcmUg
bmVlZGVkIGFuZCB0aGVzZSBhcmUgb3BlbmVkLCBJIGNhbid0IGNvbmZpZ3VyZSB0aGUgY2xpZW50
IHRvIHRhbGsgdG8gb3VyIEFEIHNlcnZlci4NCg0KSSd2ZSByZWFkIHRoZSBLZXJiZXJvcyBsb2dp
biBoYW5kbGVyIGNvbmZpZyBleGFtcGxlIG9uIHRoaXMgcGFnZToNCmh0dHBzOi8vd2lraS5zaGli
Ym9sZXRoLm5ldC9jb25mbHVlbmNlL2Rpc3BsYXkvU0hJQjIvS2VyYmVyb3MrTG9naW4rSGFuZGxl
ciAoaGFuZGxlci54bWwgY29uZmlndXJhdGlvbikNCmFuZCBhbSB1bnN1cmUgd2hhdCBkb21haW5z
IHNob3VsZCBnbyB3aGVyZSBpbiB0aGUga3JiOlJlYWxtIHNlY3Rpb25zICh0aGVyZSBhcmUgdHdv
IGluIHRoaXMgZXhhbXBsZSwgYnV0IHdlIG9ubHkgd2FudCB0byB0YWxrIHRvIG9uZSBBRC9LZXJi
ZXJvcyBkb21haW4gdXNpbmcgb25lIGh0dHBzOi8vIC0gaG9zdGVkIElkUC4NCg0KRG8gd2Ugb25s
eSBuZWVkIDEgOlJlYWxtIGRlZmluaXRpb24/DQoNClRoYW5rcyBpbiBhZHZhbmNlIGZvciBzdWdn
ZXN0aW9ucy4NCg0KRGF2aWQgUGVycnkNCmVMZWFybmluZyBUZWNobm9sb2dpc3QsIGVMZWFybmlu
ZyBUZWFtIChMMzQgLSBMaWJyYXJ5KQ0KSHVsbCBDb2xsZWdlIEdyb3VwDQpXaWxiZXJmb3JjZSBE
cml2ZSwgUXVlZW4ncyBHYXJkZW5zLCBIdWxsDQpIVTEgM0RHDQpFeHRlbnNpb24gMjIzMCAvIERp
cmVjdCBEaWFsIDAxNDgyIDM4MTkzMA0KDQoNCg0KKiAqICogVGhpbmsgYWJvdXQgdGhlIGVudmly
b25tZW50IC0gRG8geW91IHJlYWxseSBuZWVkIHRvIHByaW50IHRoaXMgZW1haWw/DQoNCg0KKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKg0KVGhpcyBtZXNzYWdlIGlzIHNlbnQgaW4gY29uZmlkZW5jZSBmb3IgdGhlIGFk
ZHJlc3NlZQ0Kb25seS4gSXQgbWF5ICBjb250YWluIGNvbmZpZGVudGlhbCBvciBzZW5zaXRpdmUN
CmluZm9ybWF0aW9uLiAgVGhlIGNvbnRlbnRzIGFyZSBub3QgdG8gYmUgZGlzY2xvc2VkDQp0byBh
bnlvbmUgb3RoZXIgdGhhbiB0aGUgYWRkcmVzc2VlLiAgVW5hdXRob3Jpc2VkDQpyZWNpcGllbnRz
IGFyZSByZXF1ZXN0ZWQgdG8gcHJlc2VydmUgdGhpcw0KY29uZmlkZW50aWFsaXR5IGFuZCB0byBh
ZHZpc2UgdXMgb2YgYW55IGVycm9ycyBpbg0KdHJhbnNtaXNzaW9uLiAgQW55IHZpZXdzIGV4cHJl
c3NlZCBpbiB0aGlzIG1lc3NhZ2UNCmFyZSBzb2xlbHkgdGhlIHZpZXdzIG9mIHRoZSBpbmRpdmlk
dWFsIGFuZCBkbyBub3QNCnJlcHJlc2VudCB0aGUgdmlld3Mgb2YgdGhlIENvbGxlZ2UuICBOb3Ro
aW5nIGluIHRoaXMNCm1lc3NhZ2Ugc2hvdWxkIGJlIGNvbnN0cnVlZCBhcyBjcmVhdGluZyBhIGNv
bnRyYWN0Lg0KDQpIdWxsIENvbGxlZ2Ugb3ducyB0aGUgZW1haWwgaW5mcmFzdHJ1Y3R1cmUsIGlu
Y2x1ZGluZyB0aGUgY29udGVudHMuDQoNCkh1bGwgQ29sbGVnZSBpcyBjb21taXR0ZWQgdG8gc3Vz
dGFpbmFiaWxpdHksIHBsZWFzZSByZWZsZWN0IGJlZm9yZSBwcmludGluZyB0aGlzIGVtYWlsLg0K
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKg0KDQpbY2lkOmltYWdlMDAxLmpwZ0AwMUNEQjA2OS5CRUYwNUFEMF0NCk1h
ZSdyIGUtYm9zdCBod24gYWMgdW5yaHl3IGZmZWlsaWF1IGF0b2RlZGlnIHluIGd5ZnJpbmFjaG9s
IGFjIGF0IHN5bHcnciB1bmlnb2x5biBuZXUnciBzZWZ5ZGxpYWQgYSBlbndpciB1Y2hvZC4gQnlk
ZCB1bnJoeXcgZmFybiBuZXUgc3lsd2FkYXUgYSBmeW5lZ2lyIHluIHBlcnRoeW4gaSdyIGF3ZHVy
IHluIHVuaWcgYWMgbmkgY2h5bnJ5Y2hpb2xhbnQgbyBhbmdoZW5yYWlkIGZhcm4gQ29sZWcgU2ly
IEfDonIuIE9zIHlkeWNoIGNoaSB3ZWRpIGRlcmJ5biB5ciBlLWJvc3QgaHduIGFyIGdhbSwgcmhv
d2NoIHN5bHcgaSdyIGd3ZWlueWRkd3IgYXIgeSBjeWZlaXJpYWQgY2FubHlub2w6IHBvc3RtYXN0
ZXJAY29sZWdzaXJnYXIuYWMudWs8bWFpbHRvOnBvc3RtYXN0ZXJAY29sZWdzaXJnYXIuYWMudWs+
DQpDeXNpZHJ3Y2ggeXIgYW1neWxjaGVkZCAtIGEgb2VzIHdpciBhbmdlbiBhcmdyYWZmdSdyIGVi
b3N0IGh3bj8NClRoaXMgZW1haWwgYW5kIGFueSBmaWxlcyB0cmFuc21pdHRlZCB3aXRoIGl0IGFy
ZSBjb25maWRlbnRpYWwgYW5kIGludGVuZGVkIHNvbGVseSBmb3IgdGhlIHVzZSBvZiB0aGUgaW5k
aXZpZHVhbCBvciBlbnRpdHkgdG8gd2hvbSB0aGV5IGFyZSBhZGRyZXNzZWQuIEFueSB2aWV3cyBv
ciBvcGluaW9ucyBleHByZXNzZWQgYXJlIHNvbGVseSB0aG9zZSBvZiB0aGUgYXV0aG9yIGFuZCBk
byBub3QgbmVjZXNzYXJpbHkgcmVwcmVzZW50IHRob3NlIG9mIENvbGVnIFNpciBHw6JyLiBJZiB5
b3UgaGF2ZSByZWNlaXZlZCB0aGlzIGVtYWlsIGluIGVycm9yIHBsZWFzZSBub3RpZnkgdGhlIGFk
bWluaXN0cmF0b3Igb24gdGhlIGZvbGxvd2luZyBhZGRyZXNzOiBwb3N0bWFzdGVyQGNvbGVnc2ly
Z2FyLmFjLnVrPG1haWx0bzpwb3N0bWFzdGVyQGNvbGVnc2lyZ2FyLmFjLnVrPg0KUGxlYXNlIGNv
bnNpZGVyIHRoZSBlbnZpcm9ubWVudCAtIGRvIHlvdSByZWFsbHkgbmVlZCB0byBwcmludCB0aGlz
IGVtYWlsPw0K
--_000_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp
ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7
YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0
I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh
W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl
DQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7
fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3NlLTE6MiAxMSA2IDQg
MyA1IDQgNCAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiU2Vnb2UgVUkiOw0KCXBh
bm9zZS0xOjIgMTEgNSAyIDQgMiA0IDIgMiAzO30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpw
Lk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21zby1tYXJnaW4tdG9w
LWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1
dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6
IlRpbWVzIE5ldyBSb21hbiIsInNlcmlmIjsNCgltc28tYmVsaWV2ZS1ub3JtYWwtbGVmdDp5ZXM7
fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJ
Y29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bh
bi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTcN
Cgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmki
LCJzYW5zLXNlcmlmIjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1z
dHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNl
Y3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcy
LjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQot
LT48L3N0eWxlPjwhW2lmIG1zbyA5XT48c3R5bGU+cC5Nc29Ob3JtYWwNCgl7bWFyZ2luLWxlZnQ6
My4wcHQ7fQ0KPC9zdHlsZT48IVtlbmRpZl0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpz
aGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5k
aWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRp
dCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48
L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLUdCIiBsaW5rPSJibHVl
IiB2bGluaz0icHVycGxlIiBzdHlsZT0ibWFyZ2luLWxlZnQ6My4wcHQ7bWFyZ2luLXRvcDozLjBw
dDttYXJnaW4tcmlnaHQ6My4wcHQ7bWFyZ2luLWJvdHRvbTouNzVwdCI+DQo8ZGl2IGNsYXNzPSJX
b3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm
JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlRoZSBkb2N1bWVudCBzaW1vbiBwb2ludGVkIGF0IHlvdSBp
cyBhIGdvb2QmbmJzcDsgZmlyc3Qgc3RlcCB0byBnZXR0aW5nIEtlcmJlcm9zIHRvIHdvcmsuJm5i
c3A7IFRlc3Rpbmcgd2l0aCBtb2RfYXV0aF9rZXJiIG9uIGl04oCZcyBvd24gaXMgYSBnb29kIHdh
eSBvZiBjaGVja2luZyB5b3VyDQogS2VyYmVyb3MgY29uZmlnJm5ic3A7IHdvcmtzIGJlZm9yZSB5
b3UgbG9vayBhdCBzZXR0aW5nIHVwIHRoZSBzaGliYm9sZXRoIGtlcmViZXJvIGxvZ2luIGhhbmRs
ZXIuICZuYnNwOyZuYnNwO0luIHByb2R1Y3Rpb25zIHdlIGRvbuKAmXQgdXNlIG1vZCBhdXRoIGtl
cmIgd2UgdXNlIHRoZSBzaGliYm9sZXRoIEtlcmJlcm9zIGxvZ2luIGhhbmRsZXIgdGhhdCB0aGUg
Zm9sa3Mgb3ZlciBpbiB0aGUgc3dpc3Mgc3dpdGNoIGZlZGVyYXRpb24gYnVpbHQuJm5ic3A7Jm5i
c3A7IFRoZSBwcm9ibGVtIHdpdGgNCiBtb2RfYXV0aF9rZXJiIGlzICZuYnNwO3RoZSBmYWlsb3Zl
ciBiZWhhdmlvdXIgd2hlcmUgaXMgcG9wcyB1cCB0aGUgZ3JleSBiYWNpIGF1dGggYm94IHJhdGhl
ciB0aGFuIGZvcm1zIGJhc2VkIGxvZ2luIChkZXBlbmRzIG9uIHdoaWNoIGJyb3dzZXIgaXMgYmVp
bmcgdXNlZCkuICZuYnNwOyZuYnNwO1dlIGhhdmUgbWFuYWdlZCB0byBnZXQgd29yayBhcm91bmRz
IGZvciB0aGlzIGFuZCBoYXZlIHNoaWJib2xldGggd2l0aCBrZXJlYmVyb3MgYmFzZWQg4oCcdHJ1
ZSBzaW5nbGUgc2lnbg0KIG9u4oCdIHdvcmtpbmcgYW5kIGluIHByb2R1Y3Rpb24uPG86cD48L286
cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm
JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPldlIGFyZSZuYnNwOyBoYXBweSB0byBzaGFyZSBkZXRhaWxz
IG9mIG91ciBzZXR1cCBpZiB5b3UgYXJlIGludGVyZXN0ZWQNCjxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xv
cjojMUY0OTdEIj5DaGVlcnM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp
YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Q2FsDQo8bzpw
PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt
c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMx
RjQ5N0QiPkNhbGViIFJhY2V5DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD
YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+U3lzdGVt
cyBhcmNoaXRlY3R1cmUgbWFuYWdlciAmYW1wOyBwcm9qZWN0IG1hbmFnZXIgZ2Zpdm88bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+TmV3Y2FzdGxlIFVuaXZlcnNpdHkgJm5ic3A7PG86cD48
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl
cmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt
aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0
OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48
c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1
b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PG86cD48L286
cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm
JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYg
c3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGluZzow
Y20gMGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVy
LXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjowY207bWFyZ2luLWJvdHRvbTouMDAwMXB0
Ij48Yj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkZyb206PC9zcGFu
PjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPiBEaXNjdXNzaW9u
IGxpc3QgZm9yDQogU2hpYmJvbGV0aCBkZXZlbG9wbWVudHMgW21haWx0bzpKSVNDLVNISUJCT0xF
VEhASklTQ01BSUwuQUMuVUtdIDxiPk9uIEJlaGFsZiBPZiA8L2I+DQpTaW1vbiBQYWxtZXI8YnI+
DQo8Yj5TZW50OjwvYj4gMjIgT2N0b2JlciAyMDEyIDE1OjEyPGJyPg0KPGI+VG86PC9iPiBKSVND
LVNISUJCT0xFVEhASklTQ01BSUwuQUMuVUs8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IEtlcmJl
cm9zIHRvIFNoaWJib2xldGggc2luZ2xlIHNpZ25vbjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv
ZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOjBjbTttYXJnaW4tYm90
dG9tOi4wMDAxcHQiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZx
dW90O1NlZ29lIFVJJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkhpIERhdmlkLDxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtYXJnaW46MGNtO21hcmdpbi1ib3R0b206LjAwMDFwdCI+PHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1b3Q7c2Fucy1z
ZXJpZiZxdW90OyI+Tm8sIEknbSBub3QgZG9pbmcgdGhpcywgYnV0IGhlcmUgaXMgd2hhdCBOZXdj
YXN0bGUgVW5pIGRpZDo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOjBjbTttYXJnaW4tYm90dG9tOi4wMDAxcHQi
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1NlZ29lIFVJ
JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPjxhIGhyZWY9Imh0dHA6Ly9nZml2by5uY2wu
YWMudWsvZG9jdW1lbnRzL1VzaW5nS2VyYmVyb3N0aWNrZXRzZm9ydHJ1ZVNpbmdsZVNpZ25Pbi5w
ZGYiPmh0dHA6Ly9nZml2by5uY2wuYWMudWsvZG9jdW1lbnRzL1VzaW5nS2VyYmVyb3N0aWNrZXRz
Zm9ydHJ1ZVNpbmdsZVNpZ25Pbi5wZGY8L2E+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjowY207bWFyZ2luLWJv
dHRvbTouMDAwMXB0Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTom
cXVvdDtTZWdvZSBVSSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5meWksIGlmIHlvdSBj
YW4gZG8gc2ltaWxhcjo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOjBjbTttYXJnaW4tYm90dG9tOi4wMDAxcHQi
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1NlZ29lIFVJ
JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPldlIGFjaGlldmUgZGVza3RvcCBTU08gYmVj
YXVzZSBvdXIgaWRwJ3MgbG9naW4gcGFnZSBpcyAmcXVvdDtwcm90ZWN0ZWQmcXVvdDsgKFNTTydk
KSZuYnNwO3VzaW5nIE5ldElRIEFjY2VzcyBNYW5hZ2VyIChPdXIgaW5zdGl0dXRpb24ncyByZXZl
cnNlDQogcHJveHksIExCLCBzc2wmbmJzcDtvZmZsb2FkLCZuYnNwO1NTTyBzeXN0ZW0pLjxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJtYXJnaW46MGNtO21hcmdpbi1ib3R0b206LjAwMDFwdCI+PHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1b3Q7c2Fucy1z
ZXJpZiZxdW90OyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbjowY207bWFyZ2luLWJvdHRvbTouMDAw
MXB0Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtTZWdv
ZSBVSSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48YnI+DQombmJzcDs8bzpwPjwvbzpw
Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i
bWFyZ2luOjBjbTttYXJnaW4tYm90dG9tOi4wMDAxcHQiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6
MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1NlZ29lIFVJJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm
cXVvdDsiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOjBjbTttYXJnaW4tYm90dG9tOi4w
MDAxcHQiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1Nl
Z29lIFVJJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPlNpbW9uIFBhbG1lcjxicj4NCkhl
YWQgb2YgRGV2ZWxvcG1lbnQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOjBjbTttYXJnaW4tYm90dG9tOi4wMDAx
cHQiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1NlZ29l
IFVJJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46
MGNtO21hcmdpbi1ib3R0b206LjAwMDFwdCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+
Q29sZWdzaXJnw6JyPGJyPg0KPGJyPg0KZS1tYWlsOiA8YSBocmVmPSJtYWlsdG86c2ltb24ucGFs
bWVyQGNvbGVnc2lyZ2FyLmFjLnVrIj5zaW1vbi5wYWxtZXJAY29sZWdzaXJnYXIuYWMudWs8L2E+
PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCIgc3R5bGU9Im1hcmdpbjowY207bWFyZ2luLWJvdHRvbTouMDAwMXB0Ij48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtTZWdvZSBVSSZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7Ij50ZWw6IDAxNTU0IDc0ODA4ODxicj4NCjxhIGhyZWY9Imh0dHA6Ly93
d3cuY29sZWdzaXJnYXIuYWMudWsvIj53d3cuY29sZWdzaXJnYXIuYWMudWs8L2E+PG86cD48L286
cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2lu
OjBjbTttYXJnaW4tYm90dG9tOi4wMDAxcHQiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O1NlZ29lIFVJJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsi
PiZndDsmZ3Q7Jmd0OyBEYXZpZCBQZXJyeSAmbHQ7PGEgaHJlZj0ibWFpbHRvOkRQZXJyeUBIVUxM
LUNPTExFR0UuQUMuVUsiPkRQZXJyeUBIVUxMLUNPTExFR0UuQUMuVUs8L2E+Jmd0OyAyMi8xMC8y
MDEyIDE0OjM1ICZndDsmZ3Q7Jmd0Ozxicj4NCkhpIGFsbDxicj4NCjxicj4NCkRvZXMgYW55b25l
IGhhdmUgYW55IGV4cGVyaWVuY2UgZGVwbG95aW5nIHRoaXM/IE9udG8gYSBsaW51eCAoU0xFUyAx
MCBTUDQpIElkUC4gSSd2ZSBpbnN0YWxsZWQgdGhlIEtlcmJlcm9zIGNsaWVudCBzdHVmZiAoSSAq
dGhpbmsqIC0gZ290IGtyYjUsIGtyYjUtMzJiaXQsIGtyYjUtY2xpZW50LCB5YXN0Mi1rZXJiZXJv
cy1jbGllbnQgcGFja2dlcyBpbnN0YWxsZWQpLCBidXQgbW9kX2F1dGhfa2VyYiBmb3IgQXBhY2hl
IHdvbid0IGJ1aWxkIC0gaXQncw0KIGNvbXBsYWluaW5nIG5vIEtlcmJlcm9zIGVudmlyb25tZW50
IGlzIHNldHVwIHlldCwgcHJvYmFibHkgYmVjYXVzZSB1bnRpbCBJVCBmaWd1cmUgb3V0IHdoYXQg
S2VyYmVyb3MgcG9ydHMgYXJlIG5lZWRlZCBhbmQgdGhlc2UgYXJlIG9wZW5lZCwgSSBjYW4ndCBj
b25maWd1cmUgdGhlIGNsaWVudCB0byB0YWxrIHRvIG91ciBBRCBzZXJ2ZXIuPGJyPg0KPGJyPg0K
SSd2ZSByZWFkIHRoZSBLZXJiZXJvcyBsb2dpbiBoYW5kbGVyIGNvbmZpZyBleGFtcGxlIG9uIHRo
aXMgcGFnZTo8YnI+DQo8YSBocmVmPSJodHRwczovL3dpa2kuc2hpYmJvbGV0aC5uZXQvY29uZmx1
ZW5jZS9kaXNwbGF5L1NISUIyL0tlcmJlcm9zJiM0MztMb2dpbiYjNDM7SGFuZGxlciI+aHR0cHM6
Ly93aWtpLnNoaWJib2xldGgubmV0L2NvbmZsdWVuY2UvZGlzcGxheS9TSElCMi9LZXJiZXJvcyYj
NDM7TG9naW4mIzQzO0hhbmRsZXI8L2E+IChoYW5kbGVyLnhtbCBjb25maWd1cmF0aW9uKTxicj4N
CmFuZCBhbSB1bnN1cmUgd2hhdCBkb21haW5zIHNob3VsZCBnbyB3aGVyZSBpbiB0aGUga3JiOlJl
YWxtIHNlY3Rpb25zICh0aGVyZSBhcmUgdHdvIGluIHRoaXMgZXhhbXBsZSwgYnV0IHdlIG9ubHkg
d2FudCB0byB0YWxrIHRvIG9uZSBBRC9LZXJiZXJvcyBkb21haW4gdXNpbmcgb25lDQo8YSBocmVm
PSJodHRwczovLyI+aHR0cHM6Ly88L2E+IC0gaG9zdGVkIElkUC48YnI+DQo8YnI+DQpEbyB3ZSBv
bmx5IG5lZWQgMSA6UmVhbG0gZGVmaW5pdGlvbj88YnI+DQo8YnI+DQpUaGFua3MgaW4gYWR2YW5j
ZSBmb3Igc3VnZ2VzdGlvbnMuPGJyPg0KPGJyPg0KRGF2aWQgUGVycnk8YnI+DQplTGVhcm5pbmcg
VGVjaG5vbG9naXN0LCBlTGVhcm5pbmcgVGVhbSAoTDM0IC0gTGlicmFyeSk8YnI+DQpIdWxsIENv
bGxlZ2UgR3JvdXA8YnI+DQpXaWxiZXJmb3JjZSBEcml2ZSwgUXVlZW4ncyBHYXJkZW5zLCBIdWxs
PGJyPg0KSFUxIDNERzxicj4NCkV4dGVuc2lvbiAyMjMwIC8gRGlyZWN0IERpYWwgMDE0ODIgMzgx
OTMwPGJyPg0KPGJyPg0KPGJyPg0KPGJyPg0KKiAqICogVGhpbmsgYWJvdXQgdGhlIGVudmlyb25t
ZW50IC0gRG8geW91IHJlYWxseSBuZWVkIHRvIHByaW50IHRoaXMgZW1haWw/PGJyPg0KPGJyPg0K
PGJyPg0KKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKjxicj4NClRoaXMgbWVzc2FnZSBpcyBzZW50IGluIGNvbmZpZGVu
Y2UgZm9yIHRoZSBhZGRyZXNzZWU8YnI+DQpvbmx5LiBJdCBtYXkmbmJzcDsgY29udGFpbiBjb25m
aWRlbnRpYWwgb3Igc2Vuc2l0aXZlPGJyPg0KaW5mb3JtYXRpb24uJm5ic3A7IFRoZSBjb250ZW50
cyBhcmUgbm90IHRvIGJlIGRpc2Nsb3NlZDxicj4NCnRvIGFueW9uZSBvdGhlciB0aGFuIHRoZSBh
ZGRyZXNzZWUuJm5ic3A7IFVuYXV0aG9yaXNlZDxicj4NCnJlY2lwaWVudHMgYXJlIHJlcXVlc3Rl
ZCB0byBwcmVzZXJ2ZSB0aGlzPGJyPg0KY29uZmlkZW50aWFsaXR5IGFuZCB0byBhZHZpc2UgdXMg
b2YgYW55IGVycm9ycyBpbjxicj4NCnRyYW5zbWlzc2lvbi4mbmJzcDsgQW55IHZpZXdzIGV4cHJl
c3NlZCBpbiB0aGlzIG1lc3NhZ2U8YnI+DQphcmUgc29sZWx5IHRoZSB2aWV3cyBvZiB0aGUgaW5k
aXZpZHVhbCBhbmQgZG8gbm90PGJyPg0KcmVwcmVzZW50IHRoZSB2aWV3cyBvZiB0aGUgQ29sbGVn
ZS4mbmJzcDsgTm90aGluZyBpbiB0aGlzPGJyPg0KbWVzc2FnZSBzaG91bGQgYmUgY29uc3RydWVk
IGFzIGNyZWF0aW5nIGEgY29udHJhY3QuPGJyPg0KPGJyPg0KSHVsbCBDb2xsZWdlIG93bnMgdGhl
IGVtYWlsIGluZnJhc3RydWN0dXJlLCBpbmNsdWRpbmcgdGhlIGNvbnRlbnRzLjxicj4NCjxicj4N
Ckh1bGwgQ29sbGVnZSBpcyBjb21taXR0ZWQgdG8gc3VzdGFpbmFiaWxpdHksIHBsZWFzZSByZWZs
ZWN0IGJlZm9yZSBwcmludGluZyB0aGlzIGVtYWlsLjxicj4NCioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKio8bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJn
aW46MGNtO21hcmdpbi1ib3R0b206LjAwMDFwdCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90
OyI+PGJyPg0KPGltZyBib3JkZXI9IjAiIHdpZHRoPSI1OTEiIGhlaWdodD0iNzciIGlkPSJfeDAw
MDBfaTEwMjUiIHNyYz0iY2lkOmltYWdlMDAxLmpwZ0AwMUNEQjA2OS5CRUYwNUFEMCI+PC9zcGFu
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6Ny41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkm
cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PGJyPg0KTWFlJ3IgZS1ib3N0IGh3biBhYyB1
bnJoeXcgZmZlaWxpYXUgYXRvZGVkaWcgeW4gZ3lmcmluYWNob2wgYWMgYXQgc3lsdydyIHVuaWdv
bHluIG5ldSdyIHNlZnlkbGlhZCBhIGVud2lyIHVjaG9kLiBCeWRkIHVucmh5dyBmYXJuIG5ldSBz
eWx3YWRhdSBhIGZ5bmVnaXIgeW4gcGVydGh5biBpJ3IgYXdkdXIgeW4gdW5pZyBhYyBuaSBjaHlu
cnljaGlvbGFudCBvIGFuZ2hlbnJhaWQgZmFybiBDb2xlZyBTaXIgR8Oici4gT3MgeWR5Y2ggY2hp
IHdlZGkgZGVyYnluDQogeXIgZS1ib3N0IGh3biBhciBnYW0sIHJob3djaCBzeWx3IGknciBnd2Vp
bnlkZHdyIGFyIHkgY3lmZWlyaWFkIGNhbmx5bm9sOiA8YSBocmVmPSJtYWlsdG86cG9zdG1hc3Rl
ckBjb2xlZ3Npcmdhci5hYy51ayI+DQpwb3N0bWFzdGVyQGNvbGVnc2lyZ2FyLmFjLnVrPC9hPiA8
L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vn
b2UgVUkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+PGJyPg0KPC9zcGFuPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6Ny41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1
b3Q7c2Fucy1zZXJpZiZxdW90OyI+Q3lzaWRyd2NoIHlyIGFtZ3lsY2hlZGQgLSBhIG9lcyB3aXIg
YW5nZW4gYXJncmFmZnUnciBlYm9zdCBod24/DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90OyI+PGJyPg0KPC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6Ny41cHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7U2Vnb2UgVUkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+VGhpcyBl
bWFpbCBhbmQgYW55IGZpbGVzIHRyYW5zbWl0dGVkIHdpdGggaXQgYXJlIGNvbmZpZGVudGlhbCBh
bmQgaW50ZW5kZWQgc29sZWx5IGZvciB0aGUgdXNlIG9mIHRoZSBpbmRpdmlkdWFsIG9yIGVudGl0
eSB0byB3aG9tIHRoZXkgYXJlIGFkZHJlc3NlZC4gQW55IHZpZXdzIG9yIG9waW5pb25zIGV4cHJl
c3NlZCBhcmUNCiBzb2xlbHkgdGhvc2Ugb2YgdGhlIGF1dGhvciBhbmQgZG8gbm90IG5lY2Vzc2Fy
aWx5IHJlcHJlc2VudCB0aG9zZSBvZiBDb2xlZyBTaXIgR8Oici4gSWYgeW91IGhhdmUgcmVjZWl2
ZWQgdGhpcyBlbWFpbCBpbiBlcnJvciBwbGVhc2Ugbm90aWZ5IHRoZSBhZG1pbmlzdHJhdG9yIG9u
IHRoZSBmb2xsb3dpbmcgYWRkcmVzczoNCjxhIGhyZWY9Im1haWx0bzpwb3N0bWFzdGVyQGNvbGVn
c2lyZ2FyLmFjLnVrIj5wb3N0bWFzdGVyQGNvbGVnc2lyZ2FyLmFjLnVrPC9hPiA8L3NwYW4+DQo8
c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtTZWdvZSBVSSZx
dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij48YnI+DQo8L3NwYW4+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZTo3LjVwdDtmb250LWZhbWlseTomcXVvdDtTZWdvZSBVSSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij5QbGVhc2UgY29uc2lkZXIgdGhlIGVudmlyb25tZW50IC0gZG8geW91IHJl
YWxseSBuZWVkIHRvIHByaW50IHRoaXMgZW1haWw/PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1NlZ29lIFVJJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDsiPg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9k
eT4NCjwvaHRtbD4NCg==
--_000_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_--
--_004_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_
Content-Type: image/jpeg; name="image001.jpg"
Content-Description: image001.jpg
Content-Disposition: inline; filename="image001.jpg"; size=19960;
creation-date="Mon, 22 Oct 2012 14:27:28 GMT";
modification-date="Mon, 22 Oct 2012 14:27:28 GMT"
Content-ID: <[log in to unmask]>
Content-Transfer-Encoding: base64
/9j/4AAQSkZJRgABAQEAYABgAAD/4QBmRXhpZgAASUkqAAgAAAAEABoBBQABAAAAPgAAABsBBQAB
AAAARgAAACgBAwABAAAAAgAAADEBAgAQAAAATgAAAAAAAABgAAAAAQAAAGAAAAABAAAAUGFpbnQu
TkVUIHYzLjM2AP/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkH
BgYICwgJCgoKCgoGCAsMCwoMCQoKCv/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoK
CgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv/AABEIAE0CTwMBIgACEQEDEQH/xAAf
AAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEF
EiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJ
SlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEBAQEB
AAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIy
gQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNk
ZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfI
ycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/APtDUdNs7m4IS3c47uNo
H481kXv2OG4LS3MMS928zNPkgs7i4FxEzmM8MiyMocehwadPpGmXcaW7i2hZ87YQ3K/Wv12EOU/N
zmr/AMOx63eAafe3k7S52ENkR+wHYe3tRJ8PvEcUirZal5q8/udrN+oziuB/ak/ab+FH7Iunpc+K
L19S8QXKB9M8J2FxslcdpJ5FOIoucZ+8x+6CMmvgX45/t+/tM/Hy4mtNT8dzaFo78JofhxmtYcf7
bKd8x45MjNn869LB5bicZaUbKPdnoww05fFofprfeK/DHhuR7LXfGel6fcx432WoatChX8GYH9Kr
2Hj3whfSGBPGej30h+5FZanFK/v8qsTX41zSyeYZZZXkZ+XeRsknuc1Jb3FxaXC3dpO8cifdeN2U
j8VIP616v+r/AP08/D/gmn1Kj3f3n7IyxW+qRmSBpo436jGN3+f61m3mkSRP9sET7V+9sXdX5q/C
r9s347fCy7gEPi+51Wwicb9O1WdpUKDOFVjlk68HJr7K/Z6/a28J/tBwHTdOmmsNaiRpJtIuG37w
OroQxDD1xjA5rysZluJwfvSs490zOeH5ep6beaxq7W7W1tcttbs7Z21V+36mwxJqD8dNnFXJZI48
eZaQvn/pniopPLnI2WCDHXYcVxRlylmXLcXEuD9odcf3DjNVpJriTH+mTDH+3WqbO3P8FQS6bcR4
4zmumE+UicOYzs3H/P7N/wB90ZuP+f2b/vurktvImPLG7PXtiiKLzc/NjHtV+18iPZeZTzcf8/s3
/fdG3nPnzf8Afz/61X/sn/TT9KPsn/TT9KPa+Qey8yhm4/5/Zv8AvupLW11C8k8m2fc3YYq39k/6
afpV2yMlg6yxP8yZwcVE58wey8zrPA3hkpJHFqGqvuXGFVs4r1Lw9b2dhpphhuXCp0ZOH/76rxvS
vFV5DcZtInmlfhyOrD0Jr5t0z9u/VL7/AIKDw+EG1l08JTW58MLbPOzRJfb94ucHo32jMOf7pxXN
HAVsbfk+yrkRpzn8KPvjWL7w9FbS315ewW6RqWe4uiFSJQCzMzEgAADqeK8K8QftO/b4Xuvgb8Kf
Enj7T1/1utaRGlrYnH/PKa5kiW4HX5ot6cferyf9uDxRrXib4q/Dv9mT7dcjSfFOqyXfiS28xkN1
aW6GT7KSDykhB3DuBjpnP0Rpfh/xRDo8DaC9nHawW2ItqYWEDpGEzgADA5WlTw0MPCMpe9zK/lu1
8yVRhGClLW5w3gH9tL4fa9rkXw/8bWeq+EPFLqTH4c8TWUkM0oH8UTndHMp7GNj9OldBrnjnR9Qn
VdPV3lR9wLS5H4cV4z+2t8J7Px18Dtal1S2aPXtFifVdJvoXUS28sI3naVOQCFIPI9eoBFz9mbXv
EHxZ/Z68NfELUNSd7u7sil9tAXM0bFGbAA+9tDfVjXW6FGeGVaDsr2Zr7Gmvh0PSILW48aeIDZHW
3soVTLSNukMh7AKAP516p4F+BPhC0sf7WvNRm1G7ZSNs0mYz/wAB7fnXJ/BvTbmOG5ub6NW2uSsc
q56eorq4vElz4SZrybW7fT4ZHyxnuIo0x3ADOD+lebXc4z5YsxDUPg74c1KdJI9ORWjfcIrZXiVv
Y9MiuU8WfB1ZoriXTlZJFQkLbzY6djXpnh74i+H/ABGIjb+JrC4bJwYNXtyG+oDmnTadbatcfZ7f
UWDSdGjHyD8c1zRxNeHUD5zs/hf8Q7+5a2tNPuZduMtHMMc/XFa1n8A/iDcIZtRWSCNVJLvL0xX1
X4U+G+m6dbxxztbyMesknJNbN14R8P3VpvgtkTHXavWnLNZz+Fm3tpx+HQ+I/EHhzxN4QbzxPcNt
/wCWingfX0qonjDXPKEcl45x0KtivrTxl8G9J1LTJWsZUWb+BWXGf1rxPVv2c/Fiags97dW1zCSd
7IyKR+HGfzrspYvDVb8xcJ8xwOleNJLY7ppHlbuXk/8ArVHrHiu/vXMg+Xf23ZxXsmlfA/Q7WyV1
06ItHyGm659c1heJfCUcEjx6jHpsYx+6MIy7D1FXDEQn8JHtfI8k+23H96tC3e7hjCoZfc/an/xr
om8K6XaXOZJ3AHTbxmr9xot9f2oKaZuQ52tKv8qvn8i5T5bHFST6gmDDdzHPX95VafXdUh3QJduu
RyVOK6zUdBbTRtuosf3k9awL7S4rot5cyRZ/vGqjLmLMiW/uZAP9ImGO/m//AFqt2lzIHDpNMpHX
971/SnXGgYVfIkz68f8A16rTQ+SB82fwrWU+ZFwhzGpZanqEM3mi4yw+6cdK0rT4heI7VDG9zv8A
T5mX+RrnEutkQj8vOD1zXDftLz/E5/huY/hdBdG5+0Kb97F1WcW4VtwTJB5JXIXnHTpVUKXtqsYX
Su7XZlipfVqLqWbt0R714O1/VPEEDXtnr6MDI0bvHIJQGU4KnacAg8EE5FXLnTtQjhfOtzNnuRz+
ea/Pf9mT9pHxF8AvGpe/ee88PalMg17TySzcYUXCZPEq8c/xD5Tk7cfdWq/FbwlofhV/Glx4ps5d
KEKTQzgZWRXGV2ZOSSOi9e1PNMDPK5v2rXLZvmei03PLwuKhiaTnouXe72Q+4k1VYPs2o3N4EJOM
K7bv1OKoXcF9JbsdPv4nXHJLYNcl4C/aX8P/ABcvdQ0fQ4bmyuLItJFFI203MIwPMVccYJwynkVr
6jLqEuZiuMds5ryMvx2DzTD+2w1RSjdrTuj0MPXoYmiqlKSafYhnvpraQxXomDDtIePwqndXrvjy
r2U8nID9KbeS3MiqJ1xycc1AQ5+4mfxr16W7PRpU7DpJriQAfaHXH904qpMlzHg/b5jn/bqz9aC0
5QoJsZHpWxvGPKUXjvJsBLuY4/26HSWQAS3cxx/t1Y+yesn6VPF5cPKR9RzzUTnyhKXKV1tLgged
dTYxx89SRQ+USfNds/32zVmOTecYx+NO2yD76Y/Go9r5GJBJp95OAGkcAdNjYqtNo9zBH5n22Zf+
BZzW/aGOOPZJJj0OKg1CIK4lDZ3dsUe18ioy5TlWtrwnEd9Mf+B0fZdR/wCfub/v5XUCzjYfvOfT
iq11pEbY8tM9faj2vkaRlzGFJFeOAHu5lx335pZEuJAAL+YY/wBqtH7Jjjf+lQzWXl8+bnJ/u1sU
VJI7h1Ci/mGP9qoYkuZCR9vmGP8Abq75H+3+lHkf7f6UARA3AAH22b/vujNx/wA/k3/fdS+R/t/p
Um2MAbEwe5z1oAqSpcSAAX8wx/tVDElzISPt8wx/t1auQtvbyXUjYSNdzsRwBkZJP0yfwr5jn/4K
FXlvezQ2Xwwt5Y1kZY5H1F13qDwfuHqK3oYatiG/Zq9gvBfE7H0eWuQcfbZv++6N1x/z+zf9915Z
+z3+1Hrnx48YTeG3+HsOn29raedNdfamkO7eqooBUdSSc57V7GIt4D7+vPSs6lOdGbhNWYGfvuf+
f2b/AL7o33P/AD+zf991dlsZJxiM5x7Vw2ufFaCw1e60q28NfaEtLhohP9s2+ZjGWA2HjO4de1eH
nOf5XkNKM8ZPl5nZaN377H2XCfAPFHHOJqUMloqpKmk5XlGKSbstZNb67djqpJrlB/x+THP/AE0r
gdR/aQ8GabezWE0mpyNBO8TNEoKkqcZBJGRWnofxBv8AxZqieHLfQTbC4jfzLlbrcYUCnLAbRyMj
vXPH9knw3Ixkl8Y6kWY5YlEJJ79q83D5y84pe2ytc8E7NtNa9lc+U8TuEfEjgPH0MDGjCNWceeSc
oS0vZbS7qR3vhTxMni/QLfxHp0l7Hb3SloRcDazLnAbHPXBrR33P/P7N/wB90uhaPa+H9HtdEss+
TZ2yQRZ67V6fzP51at7bDMd/X2r3439mlLfqzHBxxMcNB1/j5Vzep9LGa8huPPkt0OegX5f8a84/
al/aH8L/ALOfwtvPiFqOnbtRZxBoVj5jMLm7KnbuC4OxRl2Oei++R6xFpEkFwYJJOvQ7a/NH/gqd
8W7zxr8fj8No5nWw8K2yxeQF2g3EmHdsd/l2gHsDTyyj9exkadtFq/RHh4ahzT5r7HmPwd+GvxD/
AG6f2ir/AEfxD8Uf7O1TUtOutW1DWb3TWvNzJJBGqbFdCAfNUDBwAo4r3yL/AIIt+OGkC3P7UWmx
oerf8IhMcfh9rr5w/Zz+PviT9mv4j/8ACzfCehadf3v9nTWQi1NHaMRyFC33GU5yi9+1e8/8Pefj
Mf8AmlfhMf7guh/7Wr3cVh84lWawrah0SaX5noTjN/C7HW2//BD67uI3Yftg2IaPG6NvAswPOen+
nc9KrXn/AARPvrPcrfta2hZeqHwLMCPr/ptewfsC/tV+P/2q4fFmt+L9J0vTf7CvbW2sYNLhcDDI
5ZmLuxYkqD7VD+3f+2H4y/Zb1Dw9Y+FfCOkam+qwSS3E2oiUFdhI2qI3UAHH4V4SqZw8T7D2r5rt
fcczlWU3Hm2PGrn/AIIva3BbC4T9p+F85yP+EEmGP/J2vDfjn8F/E37Evxb0ux8N/FyHVdXt7dL6
G/sLBrSS1bcQquhd+oGcbsEHB4NevWn/AAWE+NtjJ51t8LvCe7t5gumH5ebXzR8V/id4o+MvxD1X
4meM50fUdXu2nnEK7Y488CNF/hRQAAOwr3cDhs1da2Ib5GrNNp3vtsdMIzXxO5+qv7GXxT0X9rb4
LQePRqdtZ6nay/Y9fs1t0/cXSqMsBgfI4IdfqfTNddq3wyu7P5ooppFHRtjNn8hxXw3/AMEU/jTq
Hw+/apl+Fd1dIdJ8a6VMs0dxJhPtdspmhYcH59gmX3BNfqtc+NdAsdTisbuzeONX3MEjxjFfK5lK
tl2PqUVte69DmPGNB+Dk+v6f5tnpl8ZkcrMjRrGin6kL/X8KzdU+EXiPRbiSCfTLv93je8FmZB/4
6c/pX1BpPxB8P3N4uo/ZXWNv+Wzx5B/w/WtOP4g+BJsq9w7t/AEXOa8f+1MZS+w36FwhzHxnfeCt
QhkELWLqw+8sg2kfhSXngySEKiWjrIc5jYY/XNfT3jnxD8JdQglNoltJOeGdByp9K8j1u9t1vDHH
F5kS8REnBA9Ce9ehRxftoc3K16kHDw/CXxVO6Qw6K8kkiBo40OSwNa5/Z6+K11ZtIPC8y/7GPm/K
u18PeI/E1zGp01YT5KADFvmQdehVefxr1XwJ430S+t006/S5S/VS5t2ZnMh7kZPFc+Ix1aEOYD5p
1X4Q+ONEjlk1rQXiWEDc7Hg59D3rEOjamf8AV2EzevyV9k6n4e/4SCMpfPcxRFgyql80WcdiAOlc
r4l0PwR4R8y+t/Bnnrj/AFkqNKhx6AmiGZTn8SA+JP2kviG/wO+DOs+PI7bF/wCUtno0IG5pr2Zg
kKL77vm+imvj79rT9kDU/wBn74VeBPiDp87/ANpTW6Q+LL2P76am485Jg2f7wdM/7K5yTX198ffF
Fv8AtTft4eG/hHoXh6FPCvwmgXxF4lghTZFLqkmBbRSf3iow2P8AeHvXof7S/wAI4P2i/g7r/wAM
10dPtF9YObERdI7pcNC/sBIFzX0mDxsMDycytzu8vnt+GoHxl8TPiZq3iHRfgx+3E6TT2Wk3n9me
LpIFz9mmPyykjsCPMOe+5R1YV9y+BvEd/q2gQXmjWdnqWnXECS2tzDcZEqOMhgyHBGMV8Of8Et/E
tv4i8Y+Jv2MvijZpJp/imKWaHSdTj3It5ACk8BHYtGoYdwYTX2T4G/YN8e/A26GkfAv44eMtB0KU
tt0dYrXUbS3B7Qm4jaSFfRVcAelVmlTDUZ+xlo4/D5xbuvS3zInDmOR/bN8aJ4S+BHiG5fRB9u1C
xfTNItbUNI1ze3A8qOCNScs53E4HYE9BXkkfxz8HfsBfs7eHPhb4viOoeLotKjYaHp8yl0mcl5Gl
YZESbmKhuSxX5VPb1T9qzw9pX7IHgSb9oX4ieJNT8XeJbeQ2nhF/EvlkQ3kqMo8mCJVji+XJeQDe
VTBbFfLv/BO/4A+Iv2n/AIy69+0N8Uml1e30C7W4mmu1Urdak43JkEH5I0+cL0GVGMDFaYGNF5bz
1f4ad35vt/wSz1b4d+Bf21v2n9Og8R/FT4t3vw58JXjqbbw74XiEWpXERGQ0j7S6Z/6aNkjkoK9U
8K/8Ez/2MrpXl8Q/DnWfE9+qbrjUPEfiW5uZpD7gMqr+Ar0+O2NrIHMQGP4SchvrWlbavd6Vue0b
b5iFWrjq4urKype4uy/q/wCIHkdx/wAEtf2J/F+6zb4PS+Hzj5b7R9bukeP/AL7dk/76U14v8e/2
GP2mP2TYpvHn7H37UPijXdNtB5raF/arre26DvGjZiucc8BVbA4U19eyXWuRYMd25z13HNVJVvbr
HmXDvg/wHbSo43F0Z3c+ZdVJJp/eRCHKch/wTG/aM+P3xn+DEnjv48eNoNRkfVJbLTnksYraRI4M
IzSlSFdi2Rwo+4a+rh44s5AGtHeaMD5po1+Rfxr5y07wlp+lRNBp2mQwo8jSOsMaoGdjudyFAGWY
kk46mtKGfXLWMQw30wUdBv6V52Jw8K9aU4pRTd7JBOHOe/S+KbeaMp9qRc92OK5vxBrN5NF9pluL
cRpncEiZ8j8OleW2ut69bSboNQd2P8L96bLqmsy4e6vZt3rv61zUsLe+pHsfM6LxF8UL/wCxva2t
1aFW4D//AFq8s8UatqOq3BS/ud6dlAro5oLnUozFPHnHQ5qnc+HcbfkruhThT+EuEOU53Tpr+1Qx
JLsUdBinnWtfiOFv3iTsFreGjYGPJFOj0e3jJP8AZkJz/s1ZfLB/ErnPt4k8QXsbQm73LjkYqh/Z
Ul3IFmXMjdD612R0vSDIZDYdR03/AP1qdFaWUEgkjsZhjr8lAWgvhVjk38DajIoP2mIfjTLnwjcW
6qBDuZvujpmuzMduTn7Ki/7q4pY727syTHGkuezr0oNva+RxEnhuRLfz0Dr6hoWH6nFUZdGuEwc5
z7V2nxN8b6z4X+H2reIfC/hS7v8AUrSxkexsILVp2uJ9p2IEXluecegNfJPw7/4KeanYaz/whv7S
3wybS7tJNl1f6dbSRPCfWW3mJbHurf8AAa8DNOJsoyXFU6GMlKLnez5W4721a2PvOF/Dvi3jTK8T
jcnoxq+waUoc8VUeibcIN3kle2m72TF/aw/Zna5025+Kng3SSl3Apk1i0gGftCjrMq/3wOWx94DP
XrU/Yq8Xw+PtDvfgj4jMd5HFbNcafC43hrfPzqPUKSGHoW4r68+GXhb/AIXl4fsfFXgO6t7/AEPU
k/damyt5LRtw33gAxxkYPeuw0z/gnJ+zL4Z8Uad428EeH9Q0HVNOk3CbTNScxzAgh1eOTepDAsOM
dR6Yr5TjPx+8PuDoU8rzet7aU03+6SqKmtLc9ndX6Wu7LVI+Xw/AOeY7HTrUqfJy3jOM7xu3ukmu
nW9tT4F+I3gjxD+zX8WLPVLGR/sny3WmM5z5kIO142/vEDch9VYHjOK+otNs7TxBoNp4j02Pda3l
sk0DjoVYZHNdD+3v+yNrvi/4UQ6t8PbS41m90m7E0dmIVE4hZGEgXbw4GFPXPGMVzn7ItlqfiT4A
adBdwNbXunTTWU0NyNjjy5GwCp5HDeleJwBxVw3mudV1kuKVXD1I86SesW7aOLs01fqkfKf2JmHD
mdVcJXouEJLmjfbzs9n95SvNKuPM8sDp7VCLK4tudmc+9enS/Di9RDO2kedGOrRSZx+lJB4P8NtH
m70qaBvTfjP44r9mhXhPSJ70JcqPMttx/wA8f/Hqi+wyMcyQg+nNd7e+EoUlKwNFszwxk61nv4Uc
SmNF3Y6nFI1jLmOWt7K3BP7vtU32S3/55it4+GbnP/HrR/wjhxymPXitPaFGJFZeYSBJjHtUUthJ
N8sZzjrxXTQaZaW6bFi57mornR8gEQ9+5o5yYx5TmJdMuIwCR1p+JMAImT35roH0SSIBkXGfanDw
5KBl4cZ71MpcxRz7tcOAPI6f7X/1qjl0ySMBkixn3ro5NBMYBMec+tM/sf8A6ZCiLsBzUlhJJgI2
SOvFN/sq49RXRHw6p58sUf8ACOr/AM8xVe0Nva+RzcmnyIBsbce4xjFR+Qe7fpXUf8I6v/PMU2XQ
jHgiMHPvR7QuE+Y5nyP9v9KDayLy4wD0NdGNHkP31yO3PSg6PjrB/wCPUc5Z518W/C3izxX8NtY8
LeEJYItQ1Oye1tpLhyFUupUk7QT90ntXyz/w7u+MmMr4h0LHb99P/wDGq+6/7G5/1P60DR2AZlUL
tUsxHPA6124bM8ThYtRs7u+pjVUNHJafkfMv7Ofw5h/Zgs9V0fxxfRXOqanNFKzaajOkcCLhFJYK
cklm6d69L/4W94Qxn/S//Ab/AOvXDeOtX/tzxZqGpD7rXG2Ln+BRgCsiv0Cnw7h61KNTEN88ld66
XP5SzXxk4lo5lWp4Fw9jGTUbxu+VPTW/Xc9b0v4haDrl7HpukLcNdS/6hZbchSw+YZIzgZUc9q4O
L4C+NmjWS41PTTIVy5DzcknJ/wCWXvXSfs++GpdU1i91lo/ktYBEh/2nGT+gr1WbQvLOfJGCeBX5
TxzwjkWZZlGnPnapq3xdW7vof1p9H/xo8QeH+Ha+NpOkpYiS1dO/uwul121b9Ty34Z/Ca+8Ianea
rrV7azPNB5EK2vmbVUkEk7lXBOBxz0rs47MozOZcluvy1uf2P/0xH50f2P8A9MRXJlGWYXJcGsNh
78qu9Xd3bPpOLeLc642zqWaZpKLquMY+6uVJRVkkrv5+ZgwW2Hb95+lSi1kb/V8+tbP9jY/5Yj86
s2vh3JJMY6V6ntPI+XnPlPpE2fnStMyb2bqelfh78e7681L41+Kb++m3yS61OxOMfxY/pX75RaAk
x+eDOOnNfhT+2H8PNU+FP7UXjrwDq800klj4juCkk0TIXjkbzI2APGNjr09K6uFa0PrNSDerWn32
/U8uEOU82pskmzHGc06ivuiz79/4Ie6PPrHhn4kyQWzybdX09iFXON0Mp/z9Kw/+C1Ol3GleLPBM
VzaPEz6bcsAw6gu2K9f/AODdTR7e+8F/FS8mu3iZNd01U2Kp/wCWEueoNc5/wcTQxwfEn4dJGuMe
H7nJ/wC2z1+bYLFwlxg4R1tKS/A09n+59ofnFRRRX6SZnqf7DGoXmm/tq/Cm4sY3eRvG1rGFjGSQ
4dD+jGv3R07QNN8R4utYXdMeCksuNg7ADHFfi5/wSn8Bah8Rv2/PAMNojrDoMl3rl7IsLOBHb27B
VOOgaWSJfxzziv3b8KfD7Qr0tcIsr3Ifd58q4xnsBn2r8v4ux1GnmT8kiqcJ1IKUUeY6zoEmj7zp
c2Ierw7Ow75z71taJ4u8L2ukGzbTPs07YDzQxYJHpnr+ZNdxqfwk0iKRprm7R2PUu+c1jaj8L42u
NumWDmH+JGk3FvoMCvl/rlGr1K9jW7Hn2raT4IRZ7i209J5Lh90bucYI7/rXM2nhCS7uF322Y8/9
9V6xceA9AtNwc3MTL95JDg1FN4R0+2jMuki5DfxF48/TvXZDGU4fDIPZnJ+EvhlZ2CG91W88shy0
amfIT0zxzj8K6H4feF7Q+LZLiAzNC0R3TCZsh++Mk47VYs/Dt5LcKIrZZ27JIvFdHZ6ZcWSeXPpt
smejWwVT+YFYVqvNDl7h7M3JvDFlNZm0QOc/xs2SPp6V5p+0V8SPD/7NPwS8SfGHxTPby2Hh/S5b
maO7k3NO20rHEFx95pCgFd5Bqtxp8YSeO5kB6MJcn8Tivzz/AOCsPx18MftAfHz4Zf8ABP3w/wCN
USw1XxbZXPjyUXClbbL4htWYdHxufHZjDRlGFr47GKm37q1l6JNsKigrcqscX+xt+yb/AMFCvEnw
9vP2g/Afj/wZoM3xOv8A+3r+HXfDk9xdMGLeUQ4ZQqFTlVHAUivYtT/Z9/4Kr2FkHPx9+FYEeTEI
/Btwrg+owea+1PBlpH4b02Dw7pukPFbWkEcFtbRR7VgjRQqqB6YArSu7PxPeSbjbxKp6o0fzfjzx
XoYniHESxMnKnD7ui2/APZn4T/tZ/CP9o79h79pzw/8AHjx3q2lXeu61qR8QWWreHrF7e3kuI5QJ
4RG33CwOCB180n2r9UPhj8adX+JfhHRPil4c1h57HV9NhvbAvyNkiBsEeoPBHqDXCf8ABZ/9no/F
P9izV/Gl8qW+oeBbmPWNOmnG0lQRHNGDn+KNzx3KqPevHP8AghV+0Rpnjj4aaz+yn4v1lEv/AA/M
b7w1HIcmWylY+cievlzZbGfuyV7uLrvNshjjJRTcHyu2mnR/d+ZMo8p41/wXH+OGueOfjF4S+Ftz
c/6PoGhPfSrGeHnuHaPceOSEi4/3jXvH/BKPwhpmhfsT6dew2032nWdZvr6e6i53fvPKQH1wka18
p/8ABaLQLjQP22bhJg4S58L2MkIZs5UGVM/mpr7k/wCCSC2fiL9hXwnNZy7zaXN/azrj7siXcuf0
I/Ou3MeTD8LUFFbtX+fUk9FPh08fJTJNC8s/6sHNeoS+GTIB8uMZ7f8A16ii8GyKT5a7/X5en618
lDFVpdRzo83U80k0Py8fuwc1FHoXlk/uutenf8IPc5/1f/jtMl8F+VgwRcnrV+3q9yPq3meb/wBj
/wDTEUyXQvMx+7xivSP+ERuf+eNTxeA7yeQRRW7szdAiZ/rUTxc6fxSLhQ5ep55Zxz2sewW0e4fd
lUYcfjVa80mS8k8yRa9Jl8FXsOPMtHXn+NMf1pIvC8iZ8uPdnr2xShiIT+Ev2Z57beHrOPa02nuz
DqzfLmrUtpZyRmGTS5lU9QBnNdxL4WuJAB9nxgetM/4RG4z/AKmr9oHszzefw/atJutbZIVPQPJw
PxxTR4Jv5ow6yQux+7GJOT9PWvSv+ERuP+eNH/CJRn/Wpn8Kft63cPZnl03hW5tpDFc2bRsOzrim
f8I7/sV67Z6JJbp5V3aJKn91+hqrqXhb7TcfaLa0RN3VI1wBWv1qb+LUPZnmq+GrMD95DipJNDik
wEGce1d9/wAIdKOY7Uj15o/4RG5H/LCsfaB7PzPN5dCEn/LPGPxrlPiJ8A/hx8XbNbDx54MsdR8j
m2uLi1QzQMOhSTG5cenIPfI4r24+CLnP+r/Svjn/AIKNfBb9tL4e+NdA/bB/ZS8Va5r9t4VXbrvw
1852tbi2wRJNHCmDKWTIdTuYcPGM5rDH1aNbDOFWnzxe63TXW52ZfiMZgcZGthKsqdRbSi3Fr5rU
5L4o/Ej9s3/gnx4osfiD4f8AH1140+GLXCQXWl6nYwk2UTMFEbbIl2HkbJRxkAHaTg/Rnjb9vnUN
A8JeBvih4T8H6fregeL9Vt7KS5hmaB4BODsfkkAqyurISDlSCRis39mf9on9nL/god8Gry38Oz20
8l1p5g8VeDdQlT7bp+5dkiPGTllDE7ZVGDtzlSCB5xrHwX8UeHvgD4r+EL28l1c+D/Fmn3Fu6Rrv
kEdzCROMYA8y2kt5H65lac9TX5XHwt8PsfnKhi8vpVMNXvsuWUZW2UotO3k9j9UzvjTH8Q8HfWdK
WY4WylKNlGtSk/inG3K6kXo5JK91fofV3wa/aI8CfF74f6b468/+xTqDCP7FqsixtHKX8vy9x+Ut
vwAM5Oa0vHfw+0jU7CbV9LsEhvwzTyPAip57E5bcFABPXk5PFfK/iLwhLpnwq034Y3Niwhvvidq1
9cQFdxOm2N5PcucejMsUY9S4FfW/wd0DxHofgjw94d8RX091d2ttCl9NcStIxYKFJLkksR79uK/F
eK/DJ+FfGNPP+Dq0oUoTUZU5O94uLbjfeUZJNWe2ju2kfNZRxQ+JqNXL8xpJyUbqcVaz81tp+J5x
aXM8SbAm0djnrViR0ID3qecx75211b+E5y5YQ5BPBpkngySbAkgzjpzX9iRqNxTsfCunZ7nCT29v
NKXECKPRRimT6RZ7QUTbnrXoFt4GQE74CvHFTHwMhH7uHdT9oL2fmeVXfh3dJvCjntiov+Ec/wBi
vVD4OwSPsf8A49UR8DuDmOHB71t9brdzQ8yk0CNgPLt9uO+c5pw0XoDB+tcF+0Z+3l8EvgH47Pwm
0TRNX8Y+LhhZdD8M2/nmFz/yzd1yA/faNxHcCs74Q/t2+FPiX8T9L+Dvjb4BeOPBuu6zKU0yLWNK
Zo5cDOSwAZBgEklcAAkmu+OGxkqXtfZvls3d9l1A9K/4R0k52fpTo/C8kpxHHnHXisH9qP8Aaz+E
f7K+pWHhDW9O1HXPFWrIG0vwvoMPnXUwJwpYfwAnoTknGQCK890P/gpH4R0Tx3p3gX9of4C+Mfhq
2rMosNR8QWTG3O4gKXJVWUZIBO0gZGSKinDMasFOMdP62W7+QHRftJfFzw1+zF8P0+IvjTQr+8s5
NQjs1i05EaTzHVyv32UY+Q967jwxojeKPDWn+KLWEQw6jaR3EKTsAwV0VhnH+9j8K8j/AOCyWmxa
d+x5DqEEiyB/E9iYnQ8EYc5B7jj9a+jvhToKRfCbwzNKI8HQbVmaVPlUC3Qkk9AAATk1VSXs8vp1
46OTkn8rf5gcpL4UuYv+XfNVZvDBj6jr2rynx9/wU++GNh4/uvh38D/hF4o+JN5Yki8uPDVqfIDD
qEO1mcD+9tCnsTXSfs3ft4/BD9oLx9/wqPVfDms+DvFzFhFoPiOFY3mYDOxWzjcRnCsFJxSnRzWn
DnlB2/H7twOxfwzsAO3/AD+dN/4R3P8AAKw/2tP2tvg1+yXdad4a8RWOo654l1hC2m+HNGg3zuN2
1WY5wgY8DPJIbaGxmvIfFn/BUnw74MsTpHiH9mDxto/iy6EX9gaJrUAto71ncID5r7GQcnkryTin
RoZpiIc0IO3nZfm9u50ynyJHvR8Pc/cFH/CPDH+r/Kt7XfEGjeDvhND8VPiZo0+gRpYxT6hYTkSS
20rqp8kFCVdwzBcKSf1x5Mf2xNBh02PxXqnwR8XReHJCfL1z7GrREDPOAfbHXrwM14WMz/CZfW9j
WqpS7K7du7tsj6/IuBeK+JcFPF5dhuenF8vNzRinJfZXM1eVuiuzpvGmp+HfAHhy48U+KbwW1lbJ
mSQqW5JACgDJJOap2dnZfEXwKdc8F6l+41Swb7HfmHmPcCM7CQeCO+M1pftEfEzwP8OfD9lpvjX4
Z6vq+l69YGSdIbUFI4vkO2bcQEbkcE9q2PC/iHwVD8ALf4teH/DMlrottokl3BpMIVWiiQMdgGdg
6Hv3zWEeIOTMnTVSHLTjzNNO6a1u27fcdGM4Jry4QpYiWEq+2xNb2cZ80fZSjJNciV+ZT5urstDw
xP2LZgoA8dMcDotlk/8AoylH7GWP+Z/lHr/xLQf5ua7tf2vfhxqGk2cvg/wTr+t6ndQSXE+jaTar
PLaQrIyh5SjFVyF3AZJxVz4n/tQ/DD4HfBTTPjP8VbK/0k62hOleHXiDX9wd3ygIDx8uGJOAuecH
Gfqcu8QszzXEKhha3PJ9kmvyPyjPPo5ZTw1h/rGaZa6MefkXPUabev2edys7OztyvdMp/DH4NW/w
20GXR4777ZJNdNNJctDsLZxtXG49Bx/hTPi9468GfBDwBf8AxG8e3621hYx8Dq9xKeEhjA+87HgD
6ntXmmpf8FPPCPhzR01z4hfszePPD+n38Tto2pXlmphvHCkooY7du4/Xjmun8d/tP/DfSf2Y/CHx
9/aQ/Z+1GOXxDPu0PQfsEF+Wmwzo6SnKRh4gSpfaxycLxzviFmcsX7XFQb53rZrV/ed2WYLCZRgq
eEwsbU4K0V2R5F4K/bI+Imk+LtFvf2ifhWnhnwd41P8AxS2sRJI32cE4Rbkkn72VOcKRuB2kc19T
Q6BHLEssO1kZQUZSCCOxBB5FfPWp/wDBSH4ZX91aeH/jx+yr4q0Tw7qcgRLzXtIWaEgnAcxOgBA6
/LuOOxr2r4+ftA/Dj9mb4HaN8Y10abVvD2oT29ppA0YqEeKVHaJl3YULtX269BijHUqzqRtScW9t
VZ27WudJu/8ACO99lWU8PcD5O1eQa9/wUZ8APfi0+FPwb8X+NraEwRX2raHYZsre4lKhYTMflYgs
MkcDB54r6Q03wzqlzp8NxqelfZLl4Uae0MgcwuR8ybhw2DxnvXm11Xw9nONr+eoH0xpWjxWkbI8S
N0wXXNfmP/wcA/sh6hBrWj/ti+ENK32U8MWk+MWt0UmCUbvstw4AHDD9yT6rH64H6wf8I8CeUFUv
GHwv8E/FDwTqngHx/wCH7fVNF1uxks9S067j3RzxOpBUj9c9QQCCCAa+Qy3OZ5Xj4YmPTdd091fo
dtSjzw5bn8vUke/HOMU6vq3/AIKW/wDBLL4p/sKeMr3xb4T0zUfEXwwu7gtpviSOPzZNL3Hi1vgo
/dbeizECNxgkhiVr5O8//Y/Wv3XLM0wea4ZVsPK66915PzPMnCdObjJH6sf8G3FvcTfDz4tvBA8m
zX9MyEGcfuJq4j/g4pi8n4ofD5N2c6Fct09Znr1f/g2N+X4afGCT+7r+kcf9usted/8ABycsY+L3
w82R4z4fuv8A0c9fnOBlz8fzj/fl+R11P9yR+Z9RvcpFG0svyqvLH0Hc0l5eW9hbtdXUyRxr955G
wBX3X/wSo/4I8+Nf2p9c0349/tIeG7nRvhlZ3EdzYaJfxPBeeKSPmX5GCtFZZwS7YMwG1RsJY/oO
b5xg8mwzq136Lq35HPSozrT5Yn0b/wAECv2G9d8E/BnVv2sPH2ieXqPxBSKHwxHcrmW30aFsrIR/
CZ5QZcdSixV+kNl4PvNH2iy1PavdZf6c1f0e203S7JNPstOjiihjWOGKL5URFUKqqo4UAAAAYGAK
sX13HcRiOS369GDcj6HFfgWNxuJx2JlWm9ZO56sKcKcFGKOc1OzvLO8ZLq+8zP3fKbGPrWcVvIvm
s0ETf3s5roJtN87HzvJj++2cVLD4aM0gTbjPtmsfaBKPMczbWH2mT/S7pE/vSLDj9M11FlZaO4EE
C+fIepl5/L0q7L4P0+LHzZz/ALNOtfD1naSebC7qw6FDiplK4RjynN654c0rSrafXNSsHggtoHmn
e1GNka4LHHXgc8A9K5fwx8S/h78Q7M3/AISv98MUVtLJLcxPESlxEssJ+dQTuVgRx35wciu5+IVz
oeneCNWvPEGorp+nJp0x1HUJJNq20Ow75Ce2Bk5rwPwd+zd4CPw90yWHXryw0SaDTnkXVLVbWx1C
2Fl9gVJ4FkU+ZNFKDnIO8QnA2ba7MJ7KrDmm2n0swlHmPQfGvhfwV438M6h4W17XL6wt5F8q6u9O
1k20sAyCAJ4mV4iflB2spw3XivAdT/4JA/8ABNeaa61a7+FC3V99raW71CbxjqDyiUktlpTdAq+7
5txOc969U1r4FeEPt974y1L4w6dFdXGp2c0k1zDbta3CW896EinQMElAjnkjz1DWyPyV553Q/gx8
B3v7/RdW+Jex/Cuox/brbW5oR5ttZyy3Jd1dyJV3agA1xgEgLkDqe2jisTRb9lXlH/Cvz1J9lB/F
qdj4K8AfD39mf4cXE0nibVYdBsGEpufEPiC91H7Gh2oFWS5kldY844BwM5xjJHdTXzwhvM1NJCoB
wgz1rltL8G/DGP4Z6X8JdR8fWt5pOneHYLe4im1BVa8s3iFrG7ENnYwJUHPJIHXBri9a+CPw7+Hf
h3SPHWv/ABI1fVPs17o+lR3tmIW+1XMUr2RMuRtzLDKbabnaAgI2sSTzfxr+0b5r6ab+e5UY8pT+
PP7GfwC/aWvr25+Nc2u69ZtcI8mkTeOb+PT4HUDG21juViUkYJ+U8mvMtC/4Jg/8E8fDHxBa08Gf
D2fRPEGi2UWoG+0jxbqdvPaxyO0aMJUuBtO5GGCR05BHFey+FPhR8MfiTNZ/EvWfHX2s+Ib+01W3
0/V7GCB7lbKW7eMeUD8xCTY3rnIgVu+TQ0/9nr4X2en3eoT/AB4W5GvWhOi6s88MdwixXdxdLIk8
bK8rxG4dMvlSI1BTrn0KONxNCHs41pq3RJ2X3XI9hR7HwX/wX7/ZuutB0zwB8ftIinuLW1t38Pav
dSyebIuVaW3eVzySdsq5PUkUn/Bv/wDHTTJYfFn7MWuahsuGuP7b8PxynmRcLHcovuCEkx6MTX6N
fHb4Y/s/ftIfBO+/Z++IvjSxubfxTp62tnO19F9peXOyKeLt5izJnIx8ybT3r8J/i78Hv2m/+CXv
7U9kNQeXT/EXh/UPtnhrxBHCTa6rbBsB0PR0dPlePORuKnBwa+wyPE0c/wAjnlM3y1I35b9db/gc
dePsayqPb8j99z4be5GI4Pu9asp4Imuo1fbt9sZ/rXkn/BPv/gol8Dv28fAUL6Bqdro/jSztVPiH
wheXSLPDIMK0sBJBuIWbkMuSucMFPFfS0unahAANm3P61+f4qWMwVZ0ayakt0/07o7VCE4KcHdM4
tPBMRjV7t0TPC7zjNMj8M6MCVA8xj91cYrtR4ezyU61HLockU4njGM9RXLLFVpdQ9mYlr4QjGfMs
IQCOP3fWpbrRp7WQJb2qP67hmtaw1bR9U1K70fTNZs7m7sNn262t7hXktiwyokA+4SOQDzitWKDz
OJ4sYHHNQ61R/FqbwhzHm+r2V5dyGO7tkUfwlBiqH/CPD+6K9Lu/DkUj+bJDnJ4HpVA+HT/c71p9
amvh0MPZnD/8Ir7jp/dqP/hHgP4RXdjw6f7lRnRuf9SKf1yt3D2ZxH/CPD+6KZF4YiEgR49279Kn
8GfFnw94t1/x14a1HTbrS7r4f6stprAv9m14Xs4buO6Qqx/dNHKQNwBDQyAj5TXL/Cn9qz4efE39
n3xB+0NfeG9X8O6f4YF62s6XrUKLeW0cEP2lWdUZgPMtnhnUZztmUHByAfXK3cPZnU/8IlZH7i5o
/wCETt177M+2c1w+k/tW+LfiBeXel/BT9mXX/Es+hWtt/wAJW82s2dhBpt7NbR3B01JJnxcXcaSp
vACxIzBWlByBQ1r9u74fzeHPBd14O+FvirW9Y8deI9Q8OWPhe2toor6w1myilkuLK7EsixwFPJk3
SbzGFXfuKshY+uVu5t9W8z0S10fR5bqWx+3QyTwqrS26OpeMNnaWXOQDg4yOcH0pb7RNGhaGKa4h
jeaXZDHJJhpWwTtQdWOATgDtnoDXhVj8Ybf4KfH34wfEb4g+BdRGqXuk+BbK08J6RLFdXlzqd2L2
KGxhbcqO5kcDzCVjABYsFBNM+MHxC8eat+0n8Bfh98U/gdqfhTUr3x/d3ulXCajFqFjdxx6FqQli
8+EAxzoXUmNkAZSSjPtbB9crdw+reZ7h/wAIkvW3h69axdUk8GaT4tsvAV54y0qPXNSgabT9Gku1
W7uI1GXkSEneyL3YAivIvjD/AMFINc8N/tX67+xx+zP+yV4j+K/jDwppEWpeLVsPENjpVtYRSbCq
rJdsBM+JY8qMD5wATXhnxT+J+geD/wDgud8PvjX8ZrY+DbCy/ZoudU8QW+tzpu0dR9qeSKV0JVnQ
5Q7CwLDC5yKPrlbuH1WD+LU9q+Nv7EX7L+h+KLj9qSXVdN+GniXT2Et/43tr1LC3l3ELm8UvHHJv
O1S4KTEMVEqgkV3Gl2Pwi0nW59N8T/EXw5N4mu/DEdxrrDU4oJLiwhUgXfklyVhAkJ8w5ADjLEYN
eLfHL9vj4D/tFf8ABMzxz+1D8e/2Lte1H4Srq1pb6PpGraktrc+JIPt8cUd/GYsNbxLKUKt5gZiG
A4GT8zftMR+HX/bk/aK/4RLRE0vSz+xCW0/TomyttD9hszHEM9lUBaPrL7GqpzjdRk0mmnbqmfol
4W+E3w18e2mmePPB0ljrOnSRyS2Gq2MyywTo9x9oJWVCVZGlCsQCQTGAcjIruoNBt9OhK28eXZSq
uD0U9SP5fn618Ofsq/8ABQu3/Z0/ZF/Zn/Zh+GXwL1v4lfEvxx8Nob/R/DGk6lbWESWsYk3SS3Vy
QiH93JxgjCMSRxn7n+A3iLx98U/hnZ+Mvib8F9Q8A61NNNHeeGNT1O3vJbYpKyBvNt2Mbq4XcCDn
B5ArxMfluGzTG06+JXMoPmS6XXV/Ozttda3Kw0fqtKUKdlzX1S6Mz/8AhFPp+C0Hwp7j/vmu8Giy
A/vLbHp83Wg6LKkZeS2xgcfN1r2/rlbuYfVl3ODHhOJvvrn07Un/AAioHA/9BruB4dmHMkOAenen
yeF7lACIM5o+uVu4fVvM4KTwwIwM4OfauB/ag1fXfhj+zl44+JHhkxrqOheFb++sTIm5RLFbvIhI
7jKiveP+EdbulY3xE+EOifE/wFrPw38XWcjaXr2mz2GoJFJtZ4ZY2jcA9jtY81thsc4V4SqfDdX9
L3ZE6HL1Pzx/4IcfBPQdX+CPiD9o/wAQWcN/4o8SeJ7y2uNXmHmTLCmxmUM2SheR3dscnOM8V9xt
4JsZJ0u5bJGkjDbJGjUsm7rtJBKk+1fnh8CPi18Yv+CK/wARvEXwA/aR+Euua38LdT1mS/8ADXjD
RbPzBDv+XzFziNt6eX5kLMrqwyAQa+h/hJ/wV0+Gn7Q3x68L/Br4BfADx5rljq90Y9Z8SS6O0MOl
RlTtlZVLZTO0MWKhVJIzjB+szehmOJxlTFUFz0nqpRatyrvdrXyMqcYKHJN2aPD/APgndosfxp/4
KR/Hf4o+OrRbzVPDl6dN0aSZVf7JCLpoBs3D5SI4EAPUZb1r2/8A4Ks/Bnwt4y/Yb8balr2kxz3W
g6d/aWk3Gxd9tPGw+ZWOSAVJVgMZDEGvKfi34a+KX/BKf9v7xL+1Rb/C3VPFfwi+J43a9NoVq0su
kXTMrvuGCFIcM67iqukrDcCOcT9sL/goLrH/AAUS8JJ+xz+wP8JPFGtzeLDFF4j17UtKa3jtrbep
MZ+YiNSQC0kmAFBCgk11yhicVmuHxeH/AICUW5dI8ujUuzRP937XY8s/aY8Ua542/wCCKHwx8Q+I
p5pbmPxFaWIln6yJbvdwo2e/yRoCfavq/wDa81/xB8Lf+CWOo+NPC8s0V6fAGmW0dxb8PCs8cMTs
P+Au30rJ/wCChX/BP/x54T/4JO+HPgZ8HdHuPEOofD+Szv8AUILCDzLi7VBIbmVETljvlZ9oBOCe
uK2v2Ufip4e/4KkfsIeMf2Y9Q8B6r4U17R/CNtouoSahEWgW58nbbzxFhvADxoSrBSNxHvU18dCv
haeJp606daTn5JyVn81qKnRnGbi9+nmfNv8AwT2+MPxo+AP7NmkaX8LP+Ccfi3xRDqjS3t54v026
QJqzGRlR1zGzKiogVVJwMVD+1D4a/a1/ae+Mfw++LnhP/gnl418G+IfCmswS3OtNJG5u7dJEZFfh
c+WV4JydpIra/Yy/4KGeNv8AgmToVz+x3+3P8CvFNpbaBeStoGr6fZh2SCR2fy8OypNEXYlHjY4B
IIr6x/ZJ/wCCk9h+2d8bv+EC+F37NfjW08JQaVLcXPjjV7DyoEuVIKQnaGVQ4Jwd5O4Abec11Y/F
Y3B4ypi4YePJZtT53aUWrfzb+QU4Qu7M+W7qPwR8Kf8AgtjqerftF/ZrC21rw7AfAl/qrKttDcNA
kSIrscIwZJo9x6N9a2P+C52s/Ceb4M+GvA8F9Y3/AI6u/EkMmhWdjOstylvtcSSYUs4VztUA8FmH
NO/4LK67p15+0v4d+Hv7SfwX8U6h8NLDQvt2k674I0iKXUb2+aRlaI3c6MIoVAXdGpBY4JryX4B/
F3/gn9+yl8QtN+NN1+wX8Y20+G6iisvGPjkLcRWEh+USxRuoj3gZI+YsOdvNaYSMsTHDZglJzjCy
jC1m0rJXvpvqrN+o5fagfc/xi/Zc8ZfGb9krT/hlJOIPE1rpdhPF9pOElu4Y0LxyHsGKkZ7EjNeV
/CH9q6b4GRaZ8Bf2uPhfd+FpNOs0tbPW108PbzxoFQMwweBj5pELLzk4r6s+LH7QNloH7NUX7R/w
V8LXfjiyvrS1vdHttJVz9qhlKEyHaDtCq7ZODgr718l/tYfty/CT9qL4Hp8Jfh/8I/Ed54r1a8tx
Z21xp3OnTiRTuRkLNI3BXAA4Yk4Ar8aznHRw2PniYz5KyWqtdSt0a0P6F8M8qzfiPI4ZVjsB9Yy3
2zftY1FCph5uPvVL82kbWupxs2tHfQ9c/bX0XR5/2P8AxX4k0G6hurSTR45be4gbKPG7ptZSMggi
uX+Hvh0yf8Exm1Zkyw8B3jFsdPlkrf8Ait8HPGnwq/4JUT/D3xXbzPq+l+FYxe28SGQxyNOrGMbc
528DgVY+Hmj6gn/BKKVXtJllX4f3+6Frdw+Q0/G0jd39Kwq4uvWxbqPTmotPyY8FhcNguEqGGoVV
UhTzaKjJfajGCtL0Zg/8ExPhTomjfszWvjaPTEN94j1G5nu7nHzuschijXPoAufqzHvXgv8AwVE0
fw74H/bv+A3xC+NlgT8OY5ng1C6uF3WsMwlWQ7x3ADRORg/KhPY19ff8EyNLuW/Yy8KQ31lNHNFL
eq6zwNGf+PmTHDAH9K8b/wCC1mueK9D+HXhHwVq/wkv9e+Hmuawf+Ey1jQdCjvNQ09I9phFr5o2W
8jbnAlIGApwcmvsuCavsJ0KVvdlFr709V59j808U6lbF8e5pXqzcn7ea17J2il5JJJeha/4Ki+Ov
gPZfsL+K38YeI9Dvk1jTVTwxbwXaStc3hZTDJCF5OwjcWA2hVOSK82+D/wC0B8Pf2Nf+CZ3wx8V/
tB6FcX+q3dt5vhTw3JaK17eOZZpYWRXH7oKjqS56eYAMk182eBbz/gn98Ory3+JekfsDfHPxfpOi
ASXFz4omxYQKGB3NGqKjBeGw52nHNeu/tlfGLRviX8SvgZ/wUw+EPgK98a/C7wq4tNZ8P2+n4fRr
qJwfLliXcIzh0ZTwn7kc4ZTX3KwnIqeDak6fM5NysryS0grOVr920fAQhyjf2ufjX+2x8W/2U/Fl
x8S/+CfEWh+E7vSXuF1W91xPtmlqrKUuWhYLJuU4PQHH515j8e0u77/giV8L9Qu7l5NvipYYjIdx
CJJelRn/AHVA/Cvo/wDaa/4KJ6B+3D8FNa/Zp/Yt+AfjPxh4h8V6VJBf3GoaK9pa6XbgeZI7yFsG
TCYVcjJwOelfNHxT8Zaf4y/4IxeHPhHpeiarH4m8BfEmPTvE+j3GnSLcW0kv9oTRMVIzhlY56FSj
AjivQwNWdOlR9pSVLlqp8t7tKzV2ru1yfZeZ+iv7IHwU8KfDX9mLwR4V8MaYkNunh+3nkZVwZppU
WWSRvVmdyc16PF4Vt5GI+z4x71qfs9+GrhPgP4LS5tjHIvhDSw6N1U/ZY+K6v+xsHHlV+eYnH1lX
nNu7bZ1KnoeoGzgtv4N273xTJYIJP+WWPxroF0u3dFkxjPaoza4kKeZ074r5ec+Y9A5668OaRrth
caTq2kw3lpcwtFc21wivHLGylWRlYEMpBIIPBGa+F/2n/wDg3i/Y6+NuqS+J/g3q2r/DDUp3Lz2m
gKtxpUjliSxs5CPL+kUka9flPGP0Lk0+OPGxsZ68U37J/wBNP0rqw+Y4zBz58PUcH5MiVOE/iR8V
/wDBJT/gm78R/wDgnBonxD8OeN/iLpHieLxTr1rcaPc6VYy2xW2ggKBpkkJ2yMXPALABRyc1zP8A
wVK/4JSfFP8A4KI/GHwZrvh34u6F4T0DQdKlttXmudJuLu+Z2lZsxRoyRkYPV3BBBGOtffX2T/pp
+lQ1rDNsfDGPFxnao3fmJ9hR9l7NrQ+H/wBkP/ghF+xZ+zFq9n431/Qr/wCIviiwdJbXWPGximgt
pQuC8NmiLAhzkhmV5B2fIzX2aNGxwIRW5FL5uflxj3pn2ND985/CuXE4vFYyfPXm5S7sqFOFP4UZ
X9nz9ILb6/NS/YZAPkh2+vzV0EcezPOc1LPF5MhTdn3xXOWcybK4H8NL9iuP7o/OunS337PnxvJ7
dKgn063hk2bc470AZQtLg/wfrTJILiPH7rr71rC1jX/VjHrQIMuqbvvd8UAct4p8BaX428N33hHx
Pp0V5pup2kltfWk6ZWaJ12sp56EEiuKvv2V/D2r6D/wjus+K/ENxbp4cOiWudUKm3tvMV0kXHBuI
ykeycguuzjqa9jj0yMxh0fbnqNtTxadAzh8Y29vWuiOInD4SJw5jw28/Y++HF3Zvp9td6kkTanfX
YiFzlIlvLd4LmCNCNqROskjbQMh3ZgfmIMV9+xj8NtQXVIbkXbR6jb3UNurFGawW5tobafymZSfm
jgjGG3D73rXu8en28kgj24z3pbjTreDccZ2/rT+uYr+dkeyfc8R8TfspeHfF+r6lrOueJ9ale+05
rG2QzptsYTJby7YsrwBJbRsAcgZYY5rQf9mXwpe/D+3+Hd3qt+ba18QnWop5GRnNyb5r35htClfN
dsjHQ4r1q1tLe4yNmMe9Pj0+3kkEe3Ge9V9crdw9l5niXh/9jD4e+HJ1u9B1jUrK4j0f7FFdIIWl
gcGfZcQM0ZMMii4mX5flKPtxjio7z9iv4aXdvNZf25q8cF1ayxXsMcyBZ3N+2oRy424V47l5GUqA
Cr7WBwCPd5k8qMvnOO1JJYxuA0Z2MOjYzS+u4v8AmH7GD+LU8Qh/Y5+GUWox6qNQ1Lzxcm6mZZEH
m3DakNReUjbwWnHIGBjAAHe9+0n+yF8A/wBrj4eSfDH48+A7XW9NLmS1kddlxZS4wJYJl+eFxxyp
GcAHI4r2p4IIwMx5/GopLCBMcsM/3WxSjjcXCanGbUls77MXsfM/Fr48f8G3nx5+GPitPiH+w/8A
tArdtYzfaNMs9dvH03UrVh/zzvYQEf6kJnHOe1W2/aq/4OAf2MjB4S+LPwcPjm0gA8q61PTUv2dT
0AubCVS/1kVn96/a37Hb4xspy6ZYGRo/s/THOa+ljxfiq8FDH0YV0v5orm/8CWpn9UgvhbXofkF4
Y/4Kyf8ABYD4j6tF4X8Ff8E5tLW/uPkia6sL+OJWPRmaSSNQB7mvUtH+AP8AwXO/ant/snx6/aC8
JfBXw/dcXVl4EsftOqzIeMLKWcREjI3eaCM8qa/SK4sI7ct5bY2jnjrUUGnxqnmI2N3UYrmq8QUV
b6thKdP5OT/8mbX4B9Wm/im2eH/sk/sfeA/2OvhJH8KvA2s6vqZlv5tQ1fXNfvPtN9qd5MQZJ5pM
Dc3AA9AABwK9Sls/NAHmYx7V0cVhHJnzGzjpxU/9n2He2/8AHq+fr162JrSq1XeUnds3hDlOak0S
R1Hljb61AdIuP8iuourK2WPeY87e1Z0km/GFxisizFk024jAOM5pv2OQ/cOfWtRtON3xPPu29Plp
YtFt4pBKD8y/dO3pQB8jftcfB/4sv8cIrT4aeB7+/wBE+MnhuHwf491HToQ0WjR2955gvJiWGxXs
J9SgD4OZPIXvUfx5+BnxFvf2jk+FXg7wBfzeBfi5Jot5401O0gBs9L/siTzLiOc5+Vr21jsrUKB8
wRh2r7MsdPt5SzOvz4GW9aZLYRw4MbYz14oA+RPhp4w1T9jfxj8Q/hz8VfhX43vdO13x3qXijwl4
i8I+CtQ12LU4dQcTvayDT4Znt7iGUvGFmCI0flFXPzBeQ+DHwD+McXxn8A/Gnxp8NdS0f/hJ/i54
s8X6tpEqCR/D1pdaG1pZxXRjJWOV1giZ1BO2SZlOSCa+6pNGjkAKS7fX5c5/Wnf2ZG1v5zvnHbbV
xlygfC/x6+CPxlvv2k/GXxs8J/DTU9Vg8KeKPAniLT9PjiCNr0FlDqMF7BbbyqyTRx3bOqkjLxou
QWFdD8TPG/jn4/ftG/BC4+GPwR8Xjwx4W8a3moeK/EfiTwle6ULFm0W/ghiWK8ijlcFpTvlC+UD5
abizkL9iyWEcIDIcZ68VH9jt+6VAH5Nf8Fdvgr4P+Jfxc8Ta98F/2DP2g4vjvaWNtB4N+L3ww02S
10vUZjCrIbi6ScL5cYPluXRXAThgOR518df+CVf7Vn7bf7V3wv8ABv7V/h/XfP8A+GZRpvib4jWE
byWVj4ljNxJCJ54fkmkEhjDrnDliwHKsP2wGk25H/wBaq6adbxk/Lmtfa+QH4/8Axs0P9vj9oT/g
jB48/Y1+Ln7JniqH4o+A7zSdFsP7J8PP9j8UWFtqEKJeWJjQRvtji+cJwVUOAN2BV+NX7IH7Uet/
tV/G/wAXaP8AAPxVc6XrX7GaeHdH1CHRZmivNXFhZobBG24M25HG31U1+x8On28sgj24z3ohsY2l
EcZ256nGaftX2A/Hf4g/s2/Daz/YS+A3w1/ac/4J1fH/AMSePvDnwwji0bxT8JtDmGo+Hb4Fv9Cn
dJ0MTCRRIFeOQLuBAzzX1/8A8Eefhz+2V4H/AGIdC8P/ALcd5q83i5NSu3sIfEd99p1O10wsv2eG
6kyxaQfOQCxYKVDcivsuax8r/lrnn+7TYoLePJMWc+9ROfMBzQ0iRfuJj1qyNIuMD/Cuht7e3dPL
8vpznNMbS7cBG/v47dM1AHPyadtxkb/bpimW+jyBmMaYropdPjg+43U88U4aTARkn9KAOYOl3GT9
aQaMR/yy/Wuml0+ODBRsZ9qcNJtyMk/pQByd14asr+3a01DS7e5hcfPDcx70b6jofxptj4V0zS7c
WulaJaWkYPEdpCI1/wC+RxXXLpNu0Yf1OMYoXS45Iw7vkZwBitlWaVgOXOkNJGYp4UdGGGR0DAju
CCCD+VV7HwhpOlBk0nRbW1RuWW3gWMMfXCgD9K7J9Gt1t/Pz+GKibTrdYll2/ePSphUcAOa/sbP/
ACy/WmReH7eFnaCwhjMjbnaOJVLH1JA5NdQ2nW6xLLt+8elPGmRvb+c75A6LilCbiBx2qeDdH1xd
mt6Ha3o7LdQLIo/AipbPw3aafbLZ2FhFDEn3Y4o1RR9AoArqYtOt5SRtximmztwcbKc6jmB8J/t2
ftV/t9/sr/HGy134ZfsZD4hfCeLSR/aE+kM0t81wTl2IhDPDs6AMjhuuV6V82ftGftkftvf8FLPh
DqX7LHwH/wCCdfiXw/beKGgt9T8SeKvOWK0hWZHbDTRRJGfl+/liBnCkmv2Bi063lJG3GBUcun27
8bcYNe5hM6weFpQ/2SDqQtaV5LVdXFNJv7jnlQ5tL6Hi37IP7OV1+zT+zL4J+BV9qEd9ceGvD1vZ
3V5GflmmALSMvONu9mx/Ou5j8J6RbXRvbXw9ZxTN/rJY4QGY+ueo/CuvfT7dwBtxiq5tAJTGH6Dr
ivFr154mrKpPeTu/U64VKlJWhJr0ZgixjbhYcnvzUZ0izb/WxZ9q6P7J/wBNP0pksPlAHdnPtWJN
2c//AGRCeI484/Svmn/goZ8Vv24fgZo3hvxh+yP+z3beO9Lt7mWTxnaPOHu2gCgIkUKsJMMWLeYo
Yr5eNvzZH1nTZIklADrnFdODxEcLiY1ZQU0vsyvZ/dZ+hFSPPFruflj4u/4KxftdfHPwZqnwp+Cf
/BMLxpb+ItYs5dPM2tQzm2snlRoyzqbeNXC7s4dlGQMnivo3/gk/+xH4x/Y2/ZGsvht8T/ssniHV
dWudW1izglEsVm0oRUt9wO1yqRqCQNuemetfX4to1+5Gi+6pgmk+yQYwVr1cdnUK2DlhcLRVKEnd
rmcm301fYwhRnGacpX+RysHhOxs08qx06CBM5KQQqgJ+igD9KZb+DNMtZJJrbSbZHmbdO6wKDI39
4kYyfc5Ndb9jt/7lH2O3/uV5HtmdJzH/AAjo7IPpUR0hEP7xMDtzXVS2EbgBDt/DNM/s3/pt/wCO
/wD16XtfID//2Q==
--_004_AA48E7A39AF95D4097B90DF882368BED0325BCEXMBDB02campusncl_--
=========================================================================
Date: Mon, 22 Oct 2012 15:32:04 +0100
Reply-To: Discussion list for Shibboleth developments
<[log in to unmask]>
Sender: Discussion list for Shibboleth developments
<[log in to unmask]>
From: David Perry <[log in to unmask]>
Subject: Re: Kerberos to Shibboleth single signon
In-Reply-To: <[log in to unmask]>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-ID: <[log in to unmask]>
We would be very interested! I've read about this login handler which I
understand I'll basically have to deploy.
If you have a compiled krb5 apache mod_auth_kerb for testing purposes
that would be appreciated too :)
Thanks,
Dave
David Perry
eLearning Technologist, eLearning Team (L34 - Library)
Hull College Group
Wilberforce Drive, Queen's Gardens, Hull
HU1 3DG
Extension 2230 / Direct Dial 01482 381930
* * * Think about the environment - Do you really need to print this
email?>>> caleb racey <[log in to unmask]> 22/10/2012 15:27
>>>
The document simon pointed at you is a good first step to getting
Kerberos to work. Testing with mod_auth_kerb on it’s own is a good
way of checking your Kerberos config works before you look at setting
up the shibboleth kerebero login handler. In productions we don’t
use mod auth kerb we use the shibboleth Kerberos login handler that the
folks over in the swiss switch federation built. The problem with
mod_auth_kerb is the failover behaviour where is pops up the grey baci
auth box rather than forms based login (depends on which browser is
being used). We have managed to get work arounds for this and have
shibboleth with kereberos based “true single sign on” working and in
production.
We are happy to share details of our setup if you are interested
Cheers
Cal
Caleb Racey
Systems architecture manager & project manager gfivo
Newcastle University
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Simon Palmer
Sent: 22 October 2012 15:12
To: [log in to unmask]
Subject: Re: Kerberos to Shibboleth single signon
Hi David,
No, I'm not doing this, but here is what Newcastle Uni did:
http://gfivo.ncl.ac.uk/documents/UsingKerberosticketsfortrueSingleSignOn.pdf
fyi, if you can do similar:
We achieve desktop SSO because our idp's login page is "protected"
(SSO'd) using NetIQ Access Manager (Our institution's reverse proxy, LB,
ssl offload, SSO system).
Simon Palmer
Head of Development
Colegsirgâr
e-mail:
[log in to unmask]<mailto:[log in to unmask]>
tel: 01554 748088
www.colegsirgar.ac.uk<http://www.colegsirgar.ac.uk/>
>>> David Perry
<[log in to unmask]<mailto:[log in to unmask]>>
22/10/2012 14:35 >>>
Hi all
Does anyone have any experience deploying this? Onto a linux (SLES 10
SP4) IdP. I've installed the Kerberos client stuff (I *think* - got
krb5, krb5-32bit, krb5-client, yast2-kerberos-client packges installed),
but mod_auth_kerb for Apache won't build - it's complaining no Kerberos
environment is setup yet, probably because until IT figure out what
Kerberos ports are needed and these are opened, I can't configure the
client to talk to our AD server.
I've read the Kerberos login handler config example on this page:
https://wiki.shibboleth.net/confluence/display/SHIB2/Kerberos+Login+Handler
(handler.xml configuration)
and am unsure what domains should go where in the krb:Realm sections
(there are two in this example, but we only want to talk to one
AD/Kerberos domain using one https:// - hosted IdP.
Do we only need 1 :Realm definition?
Thanks in advance for suggestions.
David Perry
eLearning Technologist, eLearning Team (L34 - Library)
Hull College Group
Wilberforce Drive, Queen's Gardens, Hull
HU1 3DG
Extension 2230 / Direct Dial 01482 381930
* * * Think about the environment - Do you really need to print this
email?
**********************************************************************
This message is sent in confidence for the addressee
only. It may contain confidential or sensitive
information. The contents are not to be disclosed
to anyone other than the addressee. Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission. Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College. Nothing in this
message should be construed as creating a contract.
Hull College owns the email infrastructure, including the contents.
Hull College is committed to sustainability, please reflect before
printing this email.
**********************************************************************
[cid:image001.jpg@01CDB069.BEF05AD0]
Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at
sylw'r unigolyn neu'r sefydliad a enwir uchod. Bydd unrhyw farn neu
sylwadau a fynegir yn perthyn i'r awdur yn unig ac ni chynrychiolant o
anghenraid farn Coleg Sir Gâr. Os ydych chi wedi derbyn yr e-bost hwn ar
gam, rhowch sylw i'r gweinyddwr ar y cyfeiriad canlynol:
[log in to unmask]<mailto:[log in to unmask]>
Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn?
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. Any views or opinions expressed are solely those of the
author and do not necessarily represent those of Coleg Sir Gâr. If you
have received this email in error please notify the administrator on the
following address:
[log in to unmask]<mailto:[log in to unmask]>
Please consider the environment - do you really need to print this
email?
=========================================================================
Date: Thu, 25 Oct 2012 11:53:28 +0100
Reply-To: Discussion list for Shibboleth developments
<[log in to unmask]>
Sender: Discussion list for Shibboleth developments
<[log in to unmask]>
From: Alex Stuart <[log in to unmask]>
Subject: Another request for a Raptor custom workshop (was: Raptor
Workshops in June & July)
Comments: cc: Alistair Young <[log in to unmask]>
In-Reply-To: <[log in to unmask]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1351162408-4912-87"
Message-ID: <[log in to unmask]>
This is a multi-part message in MIME format...
------------=_1351162408-4912-87
Received: from dlib-criffel.ucs.ed.ac.uk (dlib-criffel.ucs.ed.ac.uk [129.215.169.68])
(authenticated user=astuart4 mech=PLAIN bits=0)
by lmtp1.ucs.ed.ac.uk (8.13.8/8.13.7) with ESMTP id q9PArS6I010897
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
Thu, 25 Oct 2012 11:53:28 +0100 (BST)
Message-ID: <[log in to unmask]>
Date: Thu, 25 Oct 2012 11:53:28 +0100
From: Alex Stuart <[log in to unmask]>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
MIME-Version: 1.0
To: Discussion list for Shibboleth developments <[log in to unmask]>
CC: Alistair Young <[log in to unmask]>
Subject: Another request for a Raptor custom workshop (was: Raptor Workshops
in June & July)
References: <[log in to unmask]> <[log in to unmask]> <[log in to unmask]> <[log in to unmask]>
In-Reply-To: <[log in to unmask]>
Content-Type: multipart/alternative;
boundary="------------010808040001080208040507"
X-Edinburgh-Scanned: at lmtp1.ucs.ed.ac.uk
with MIMEDefang 2.52, Sophie, Sophos Anti-Virus
X-Scanned-By: MIMEDefang 2.52 on 129.215.149.64
This is a multi-part message in MIME format.
--------------010808040001080208040507
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by treacle.ucs.ed.ac.uk id q9PArSTV008389
I think a custom workshop would help me out. Any ideas if this would be=20
on the cards?
Alex
On 11/06/12 11:01, Alistair Young wrote:
> ditto that Glenn. We're looking into custom usage of RAPTOR too, so a=20
> custom workshop would be ideal Rhys, hint hint ;)
>
> ------------------------------------
> Alistair Young
> Senior Software Engineer
> UHI@Sabhal M=F2r Ostaig
>
>
>
>
> On 11 Jun 2012, at 10:54, Glenn Wearen wrote:
>
>> Hi Rhys,
>> I'd also be interested in the custom aspect of Raptor, we've been=20
>> considering creating a custom graph to show the attributes that are=20
>> being released (not the value of attributes -which requires ldap)
>> If you've capacity to run such a generic 'api' or 'developer'=20
>> workshop that at a later stage, please count us in
>> Kind Regards
>> Glenn
>>
--=20
Alex Stuart
Federation Support Officer,
UK Access Management Federation
EDINA, University of Edinburgh
--------------010808040001080208040507
Content-Type: text/html; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I think a custom workshop would help me
out. Any ideas if this would be on the cards?<br>
<br>
Alex<br>
<br>
On 11/06/12 11:01, Alistair Young wrote:<br>
</div>
<blockquote
cite="mid:[log in to unmask]"
type="cite">ditto that Glenn. We're looking into custom usage of
RAPTOR too, so a custom workshop would be ideal Rhys, hint hint ;)<br>
<div>
<span class="Apple-style-span" style="border-collapse: separate;
color: rgb(0, 0, 0); font-family: Helvetica; font-style:
normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: 2;
text-align: auto; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-border-horizontal-spacing: 0px;
-webkit-border-vertical-spacing: 0px;
-webkit-text-decorations-in-effect: none;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; font-size: medium; "><span class="Apple-style-span"
style="border-collapse: separate; color: rgb(0, 0, 0);
font-family: Helvetica; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-border-horizontal-spacing: 0px;
-webkit-border-vertical-spacing: 0px;
-webkit-text-decorations-in-effect: none;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; font-size: medium; ">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; ">
<div><br class="Apple-interchange-newline">
------------------------------------</div>
<div>Alistair Young</div>
<div>Senior Software Engineer</div>
<div>UHI@Sabhal Mòr Ostaig</div>
<div><br>
</div>
</div>
</span><br class="Apple-interchange-newline">
</span><br class="Apple-interchange-newline">
</div>
<br>
<div>
<div>On 11 Jun 2012, at 10:54, Glenn Wearen wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000"> Hi Rhys,<br>
I'd also be interested in the custom aspect of Raptor, we've
been considering creating a custom graph to show the
attributes that are being released (not the value of
attributes -which requires ldap)<br>
If you've capacity to run such a generic 'api' or
'developer' workshop that at a later stage, please count us
in<br>
Kind Regards<br>
Glenn<br>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Alex Stuart
Federation Support Officer,
UK Access Management Federation
EDINA, University of Edinburgh
</pre>
</body>
</html>
--------------010808040001080208040507--
------------=_1351162408-4912-87
Content-Type: text/plain
Content-Disposition: inline
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
Content-Description: Edinburgh University charitable status
Content-Transfer-Encoding: 7bit
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
------------=_1351162408-4912-87--
=========================================================================
Date: Thu, 25 Oct 2012 16:01:40 +0100
Reply-To: Discussion list for Shibboleth developments
<[log in to unmask]>
Sender: Discussion list for Shibboleth developments
<[log in to unmask]>
From: Carolyn Groom <[log in to unmask]>
Subject: AUTO: Carolyn Groom is out of the office. (returning 26/10/2012)
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Message-ID: <[log in to unmask]>
I am out of the office until 26/10/2012.
I will respond to your message when I return.
Note: This is an automated response to your message "Another request for a
Raptor custom workshop (was: Raptor Workshops in June & July)" sent on
10/25/2012 11:53:28 AM.
This is the only notification you will receive while this person is away.
This email and any attachments may contain private and confidential information and is solely intended for the recipient(s) only. If you have received this email and any attachments in error and you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this message in error, please notify the sender immediately by reply email and delete the message and any attachments without retaining any copies. Any views or other information in this message which do not relate to our business are not authorised by us, nor does this message form part of any contract unless so stated.
We offer no guarantees that this email or any attachment will be received error or virus free and accept no responsibility whatsoever in this regard.
Our e-mail system is subject to random monitoring and recording by us.
Carnegie College is a body incorporated under the Further and Higher Education (Scotland) Act 1992.
Check out what is new at Carnegie @ www.carnegiecollege.ac.uk
=========================================================================
Date: Tue, 30 Oct 2012 09:01:03 +0000
Reply-To: Discussion list for Shibboleth developments
<[log in to unmask]>
Sender: Discussion list for Shibboleth developments
<[log in to unmask]>
From: Andy Swiffin <[log in to unmask]>
Subject: New list for people doing IAM with Microsoft stuff
Content-Type: multipart/alternative;
boundary="_000_58D41189FAC1FE49BE7FB4582F7473C348944967AMSPRD0410MB362_"
MIME-Version: 1.0
Message-ID: <[log in to unmask]>
--_000_58D41189FAC1FE49BE7FB4582F7473C348944967AMSPRD0410MB362_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi
Apologies for the slightly off topic message.
There may be people here who might be interested in a new JISCmail list tha=
t has just been created, It's to discuss issues to do with deploying Micros=
oft Identity tools such as FIM 2010 and AD. As sound identity management i=
s core to federation I thought I might get away with advertising it :-)
Sign up at https://www.jiscmail.ac.uk/cgi-bin/webadmin?A0=3DMICROSOFT-IDENT=
ITY
Although there are other events covering this stuff they're largely corpora=
te based and as we're "a bit peculiar" in education It may be that in the f=
uture we might want start having meetings like McShib.
Cheers
Andy
Dundee
The University of Dundee is a registered Scottish Charity, No: SC015096
--_000_58D41189FAC1FE49BE7FB4582F7473C348944967AMSPRD0410MB362_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html dir=3D"ltr">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<style id=3D"owaParaStyle" type=3D"text/css">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
</head>
<body>
<div style=3D"direction:ltr; font-family:Tahoma; color:#000000; font-size:1=
0pt">Hi<br>
<br>
Apologies for the slightly off topic message.<br>
<br>
There may be people here who might be interested in a new JISCmail list tha=
t has just been created, It's to discuss issues to do with deploying Micros=
oft Identity tools such as FIM 2010 and AD. As sound identity managem=
ent is core to federation I thought I
might get away with advertising it :-)<br>
<br>
Sign up at <a href=3D"https://www.jiscmail.ac.uk/cgi-bin/webadmin?A0=3DMICR=
OSOFT-IDENTITY" target=3D"_blank">
https://www.jiscmail.ac.uk/cgi-bin/webadmin?A0=3DMICROSOFT-IDENTITY</a> <br=
>
<br>
Although there are other events covering this stuff they're largely corpora=
te based and as we're "a bit peculiar" in education It may be tha=
t in the future we might want start having meetings like McShib.<br>
<br>
Cheers<br>
Andy<br>
Dundee<br>
<br>
</div>
<br>
The University of Dundee is a registered Scottish Charity, No: SC015096
</body>
</html>
--_000_58D41189FAC1FE49BE7FB4582F7473C348944967AMSPRD0410MB362_--
=========================================================================
Date: Tue, 30 Oct 2012 09:02:04 +0000
Reply-To: Discussion list for Shibboleth developments
<[log in to unmask]>
Sender: Discussion list for Shibboleth developments
<[log in to unmask]>
From: Matthew Slowe <[log in to unmask]>
Subject: Re: Resilient Shib IdPs
In-Reply-To: <[log in to unmask]>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Message-ID: <[log in to unmask]>
On 4 Oct 2012, at 10:04, Andy Swiffin <[log in to unmask]> wrote:
> Hi
>=20
> I'm currently putting together plans to update our IdP infrastructure and=
want to add in automatic failover. We currently have a manual failover t=
o a secondary IdP, should it ever be needed (which since the move to Shib 2=
many many moons ago it hasn't!). However I would like to push Shib authe=
ntication for some high profile services and without having a demonstrable =
auto failover mechanism this won't be well received.
>=20
> Because Shibboleth is stateful, if you are going to loadbalance cluster i=
t you need a mechanism for sharing state information, the shibboleth docume=
ntation says: "By default the Shibboleth team recommends the use of Terrac=
otta as the mechanism for doing this" which is a shame because I have it o=
n high authority that "I think you'd be insane to consider it.".... I kn=
ow a lot of people have found Terracotta to have, itself, caused shib outag=
es.
>=20
> Without state sharing you need to go for a hot standby rather than loadba=
lanced approach, but unfortunately our existing Cisco content switch (which=
is well overdue for replacement) cannot do this. =20
>=20
> So, I'd be interested to hear from anyone who is doing hot standby with =
their Shibboleth IdP (i.e. if IdP1 is responding always use it, if it fail=
s the test switch to IdP2) and what type of hardware loadbalancer you're u=
sing at the front to do this.
Hey,
Missed this at the time but we do exactly that :)
Two x Shib IDP as a "primary" and "failover" node which know nothing about =
each other.
We use LVS (Linux Virtual Server) Load Balancing in front which does a freq=
uent but very simple service check to the primary and if it doesn't reply i=
n a reasonable time will send traffic to the secondary node instead (normal=
ly within a few seconds). This currently doesn't cope with a tomcat failure=
, only an Apache one.
Semi-seamless failover is achieved by using SimpleSAMLphp+mod_authmemcookie=
on both nodes to protect Apache+mod_ajk and sharing sessions between them.
The scope for a user-impacting problem is small, IMO: someone hitting PRIMA=
RY for the initial Shib assertion generation, getting bounced back to the S=
P and the SP then needing to do a back-channel Attribute Lookup and being t=
old that the token is invalid. Given that an increasing number of SPs are s=
upporting SAML2 and POSTing of assertions via the browser this will become =
less and less of a problem (I hope!).
Yell if you need more details.
--=20
Matthew Slowe
Server Infrastructure Team e: [log in to unmask]
IS, University of Kent t: +44 (0)1227 824265
Canterbury, UK w: www.kent.ac.uk
