Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2FB7010D6D for ; Fri, 25 Jul 2014 20:46:52 +0000 (UTC) Received: (qmail 62966 invoked by uid 500); 25 Jul 2014 20:46:51 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 62930 invoked by uid 500); 25 Jul 2014 20:46:51 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 62919 invoked by uid 99); 25 Jul 2014 20:46:51 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Jul 2014 20:46:51 +0000 Received: from localhost (HELO mail-we0-f177.google.com) (127.0.0.1) (smtp-auth username kayyagari, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Jul 2014 20:46:51 +0000 Received: by mail-we0-f177.google.com with SMTP id w62so4697671wes.22 for ; Fri, 25 Jul 2014 13:46:49 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.194.60.240 with SMTP id k16mr10091810wjr.0.1406321209359; Fri, 25 Jul 2014 13:46:49 -0700 (PDT) Received: by 10.216.121.9 with HTTP; Fri, 25 Jul 2014 13:46:49 -0700 (PDT) In-Reply-To: References: <53D281E4.4060700@gmail.com> Date: Sat, 26 Jul 2014 02:16:49 +0530 Message-ID: Subject: Re: [ApacheDS] Generating keytab file for Websphere Kerberos configuration, now with KRB-ERROR in logs From: Kiran Ayyagari To: "users@directory.apache.org" Content-Type: multipart/alternative; boundary=047d7bacc1e41fc96304ff0aacbc --047d7bacc1e41fc96304ff0aacbc Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Sat, Jul 26, 2014 at 2:10 AM, Brian Laskey wrote: > Thanks all for the help. I am able to successfully use kinit on the linux > server to authenticate using my generated keytab file. It seemed that the > passwords were not working, but after editing all the passwords of my > principals and trying again everything started to work? > > bash-4.1$ env > KRB5_CONFIG=3D/opt/IBM/WebSphere/V8.5/AppServer/etc/krb5/apacheds-krb.con= f > kinit -V -k -t /opt/IBM/WebSphere/V8.5/AppServer/etc/krb5/apacheds.keytab > was/op-dev-kvm26.swg.usma.ibm.com@EXAMPLE.COM > Using default cache: /tmp/krb5cc_13553 > Using principal: was/op-dev-kvm26.swg.usma.ibm.com@EXAMPLE.COM > Using keytab: /opt/IBM/WebSphere/V8.5/AppServer/etc/krb5/apacheds.keytab > Authenticated to Kerberos v5 > > > Unfortunately, I am now stuck with WebSphere errors on log in: > com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapper.login ProbeId:55= 4 > Reporter:com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapper@84ff01d= d > javax.security.auth.login.FailedLoginException: Login error: > com.ibm.security.krb5.KrbException, status code: 29 > message: A service is not available > at > > com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(I18NEx= ception.java:30) > at > com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:719) > at > com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:742) > at > com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:2= 5) > > > In ApacheDS debug logs, I see this exception corresponding to the login > attempt in websphere: > > [16:16:55] ERROR > [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - > ERR_152 Unexpected exception: 1 > java.lang.ArrayIndexOutOfBoundsException: 1 > at sun.security.krb5.PrincipalName.(Unknown Source) > looks like a bad principal name was sent or a bug in parsing code in ApacheDS what is the principal that websphere is sending? > at javax.security.auth.kerberos.KerberosPrincipal.(Unknown > Source) > at > > org.apache.directory.shared.kerberos.KerberosUtils.getKerberosPrincipal(K= erberosUtils.java:312) > at > > org.apache.directory.server.kerberos.kdc.authentication.AuthenticationSer= vice.getClientEntry(AuthenticationService.java:169) > at > > org.apache.directory.server.kerberos.kdc.authentication.AuthenticationSer= vice.execute(AuthenticationService.java:122) > at > > org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.mes= sageReceived(KerberosProtocolHandler.java:206) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageR= eceived(DefaultIoFilterChain.java:690) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageRece= ived(DefaultIoFilterChain.java:417) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(Default= IoFilterChain.java:47) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.message= Received(DefaultIoFilterChain.java:765) > at > > org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImp= l.flush(ProtocolCodecFilter.java:407) > at > > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(Protocol= CodecFilter.java:236) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageRece= ived(DefaultIoFilterChain.java:417) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(Default= IoFilterChain.java:47) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.message= Received(DefaultIoFilterChain.java:765) > at > > org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilter= Adapter.java:109) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageRece= ived(DefaultIoFilterChain.java:417) > at > > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived= (DefaultIoFilterChain.java:410) > at > > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.read= Handle(AbstractPollingConnectionlessIoAcceptor.java:701) > at > > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.proc= essReadySessions(AbstractPollingConnectionlessIoAcceptor.java:670) > at > > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.acce= ss$800(AbstractPollingConnectionlessIoAcceptor.java:61) > at > > org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acce= ptor.run(AbstractPollingConnectionlessIoAcceptor.java:607) > at > > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.ja= va:64) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown > Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) > at java.lang.Thread.run(Unknown Source) > > Although later I do see SUCCESS messages in the logs for that same user > request > > [16:16:55] DEBUG > [org.apache.directory.server.ldap.handlers.request.BindRequestHandler] - > Returned SUCCESS message: MessageType : BIND_RESPONSE > ... > [16:16:55] DEBUG [org.apache.directory.server.OPERATION_LOG] - << > UnbindOperation successful > ... > > > > > On Fri, Jul 25, 2014 at 3:14 PM, Brian Laskey > wrote: > > > > the default enctypes are > > > aes128-cts-hmac-sha1-96 > > > des3-cbc-sha1-kd > > > des-cbc-md5 > > > what error are you getting? the preauth error? > > If I set my conf file to only: > > > > default_tkt_enctypes =3D aes128-cts-hmac-sha1-96 > > default_tgs_enctypes =3D aes128-cts-hmac-sha1-96 > > > > And only check that off in the Kerberos setting page of ApacheDS > > > > I get this in kinit (on linux) for any user I've tried, with either > > manually typing password or keytab file > > > > kinit: Password incorrect while getting initial credentials > > > > I think I was seeing encryption type not supported by server error if I > > checked the RC4-HMAC box in ApacheDS and put that in my conf. > > > > > > > I would suggest to first test with kinit(to rule out any non-Studio > > > related issues), and > > > once this succeeds we can try with Studio > > > > I agree. But I can't seem to figure out why the password incorrect erro= r > > is coming up? > > > > > > On Fri, Jul 25, 2014 at 2:44 PM, Kiran Ayyagari > > wrote: > > > >> On Sat, Jul 26, 2014 at 12:00 AM, Brian Laskey > >> wrote: > >> > >> > What are the supported encryption types for ApacheDS? > >> > > >> > the default enctypes are > >> aes128-cts-hmac-sha1-96 > >> des3-cbc-sha1-kd > >> des-cbc-md5 > >> > >> > >> > I've had some issues on the Linux side with kinit, I had configured = my > >> > krb.conf file with: > >> > default_tkt_enctypes =3D aes128-cts-hmac-sha1-96 > >> > default_tgs_enctypes =3D aes128-cts-hmac-sha1-96 > >> > > >> > And tried checking that off only in the Kerberos settings of Studio. > >> Didn't > >> > seem to solve the password error with kinit. If I tried other > enctypes I > >> > > >> what error are you getting? the preauth error? > >> > >> > got other errors like encryption type not supported. Eg.g had proble= ms > >> with > >> > below, not sure if it's the cause of my issues. > >> > #default_tkt_enctypes =3D des3-cbc-sha1 des-cbc-md5 aes128-cts > >> > des3-cbc-sha1-kd aes128-cts-hmac-sha1-96 > >> > #default_tgs_enctypes =3D des3-cbc-sha1 des-cbc-md5 aes128-cts > >> > des3-cbc-sha1-kd aes128-cts-hmac-sha1-96 > >> > > >> > I can try to install Studio on my red hat linux server, but that onl= y > >> has > >> > IBM JDK 6 on it if that matters. > >> > > >> > I would suggest to first test with kinit(to rule out any non-Studio > >> related issues), and > >> once this succeeds we can try with Studio > >> > >> > Thanks > >> > Brian > >> > > >> > > >> > On Fri, Jul 25, 2014 at 2:23 PM, Kiran Ayyagari > > >> > wrote: > >> > > >> > > On Fri, Jul 25, 2014 at 11:50 PM, Brian Laskey < > >> brian.laskey@gmail.com> > >> > > wrote: > >> > > > >> > > > Apologies for the multiple emails, but if I change Directory > Studio > >> vm > >> > to > >> > > > > >> > > np, feel free to post > >> > > > >> > > > Sun/Oracle jdk1.6.0_31\jre\bin I get a different exception in > >> logging > >> > in > >> > > > with Kerberos or using the 'Check Authentication' button. > >> > > > > >> > > > can you try with Studio on Linux/Unix? I suspect that RC4 is > being > >> > used > >> > > on Windows > >> > > box (RC4 encryption type is not yet supported in ApacheDS) > >> > > > >> > > > I don't seem to see any errors in apacheds.log > >> > > > > >> > > > > >> > > > Error while opening connection > >> > > > - *javax.security.auth.login.LoginException: Checksum failed* > >> > > > org.apache.directory.api.ldap.model.exception.LdapException: > >> > > > javax.security.auth.login.LoginException: Checksum failed > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(Ldap= NetworkConnection.java:1535) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetwo= rkConnection.java:1421) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper$2.run(DirectoryApiConnectionWrapper.java:447) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper.doBind(DirectoryApiConnectionWrapper.java:460) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper.bind(DirectoryApiConnectionWrapper.java:306) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.= run(OpenConnectionsRunnable.java:114) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(= StudioConnectionJob.java:109) > >> > > > at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) > >> > > > Caused by: javax.security.auth.login.LoginException: Checksum > failed > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5Lo= ginModule.java:696) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:5= 42) > >> > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Metho= d) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java= :39) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI= mpl.java:25) > >> > > > at java.lang.reflect.Method.invoke(Method.java:597) > >> > > > at > >> > > javax.security.auth.login.LoginContext.invoke(LoginContext.java:76= 9) > >> > > > at > >> > > > > >> > > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > >> > > > at > >> > > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683= ) > >> > > > at java.security.AccessController.doPrivileged(Native Method= ) > >> > > > at > >> > > > > >> > > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > >> > > > at > >> > > javax.security.auth.login.LoginContext.login(LoginContext.java:579= ) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(Ldap= NetworkConnection.java:1522) > >> > > > ... 8 more > >> > > > Caused by: KrbException: Checksum failed > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128Ct= sHmacSha1EType.java:85) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128Ct= sHmacSha1EType.java:77) > >> > > > at > >> sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168) > >> > > > at sun.security.krb5.KrbAsRep.(KrbAsRep.java:87) > >> > > > at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:446) > >> > > > at > >> > sun.security.krb5.Credentials.sendASRequest(Credentials.java:401) > >> > > > at > >> sun.security.krb5.Credentials.acquireTGT(Credentials.java:350) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5Lo= ginModule.java:662) > >> > > > ... 20 more > >> > > > Caused by: java.security.GeneralSecurityException: Checksum fail= ed > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.j= ava:431) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java= :254) > >> > > > at > >> sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:59) > >> > > > at > >> > > > > >> > > > > >> > > > >> > > >> > sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128Ct= sHmacSha1EType.java:83) > >> > > > ... 27 more > >> > > > > >> > > > javax.security.auth.login.LoginException: Checksum failed > >> > > > > >> > > > > >> > > > On Fri, Jul 25, 2014 at 2:06 PM, Brian Laskey < > >> brian.laskey@gmail.com> > >> > > > wrote: > >> > > > > >> > > > > > >> > > > > I appreciate the help with this. I am new to ApacheDS and > >> Kerberos. > >> > > > > > >> > > > > I have now tried that tutorial (of course I hadn't got that > far, I > >> > was > >> > > > > trying the tutorial before it, 4.1 - Authenticate with kinit o= n > >> > Linux!) > >> > > > > > >> > > > > Adding krbtgt/EXAMPLE.COM@EXAMPLE.COM SOLVES the "Server not > >> found > >> > in > >> > > > the > >> > > > > Kerberos database while getting initial credentials" error wit= h > >> > kinit. > >> > > So > >> > > > > that's good. > >> > > > > > >> > > > > However, now in kinit I get a new error for any principal I tr= y > >> > (either > >> > > > > using my generated keytab or by typing in the password). > >> > > > > Verbose output of kinit -V monkey@EXAMPLE.COM > >> > > > > Using default cache: /tmp/krb5cc_13553 > >> > > > > Using principal: monkey@EXAMPLE.COM > >> > > > > Password for monkey@EXAMPLE.COM: > >> > > > > kinit: Password incorrect while getting initial credentials > >> > > > > > >> > > > > I am trying kinit on a linux machine. > >> > > > > > >> > > > > On a separate Windows 7 machine, I have Apache Directory Studi= o. > >> > > > Following > >> > > > > the tutorial as best I can (Kerberos settings tab seems subtly > >> > > different > >> > > > > than the screens I see on Apache Directory Studio > 2.0.0.v20130628 > >> / > >> > > Win7 > >> > > > / > >> > > > > IBM Java 1.7 JRE) > >> > > > > > >> > > > > After I set up krbtgt and ldap principals, when I try to conne= ct > >> as > >> > one > >> > > > of > >> > > > > my principals using Apache directory Studio I get this > exception: > >> > > > > > >> > > > > Error while opening connection > >> > > > > - java.lang.IllegalArgumentException > >> > > > > org.apache.directory.api.ldap.model.exception.LdapException: > >> > > > > java.lang.IllegalArgumentException > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(Ldap= NetworkConnection.java:1535) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetwo= rkConnection.java:1421) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper$2.run(DirectoryApiConnectionWrapper.java:447) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper.doBind(DirectoryApiConnectionWrapper.java:460) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper.bind(DirectoryApiConnectionWrapper.java:306) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.= run(OpenConnectionsRunnable.java:114) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(= StudioConnectionJob.java:109) > >> > > > > at org.eclipse.core.internal.jobs.Worker.run(Worker.java:5= 4) > >> > > > > Caused by: java.lang.IllegalArgumentException > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > javax.security.auth.login.AppConfigurationEntry.(AppConfigurationEn= try.java:84) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.studio.connection.core.io.api.DirectoryApiConnection= Wrapper$InnerConfiguration.getAppConfigurationEntry(DirectoryApiConnectionW= rapper.java:1222) > >> > > > > at > >> > > javax.security.auth.login.LoginContext.init(LoginContext.java:269) > >> > > > > at > >> > > > > javax.security.auth.login.LoginContext.(LoginContext.java:427) > >> > > > > at > >> > > > > > >> > > > > >> > > > >> > > >> > org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(Ldap= NetworkConnection.java:1520) > >> > > > > ... 8 more > >> > > > > > >> > > > > java.lang.IllegalArgumentException > >> > > > > > >> > > > > > >> > > > > Seems like no matter which way I go I am finding all the > hurdles. > >> > > > > > >> > > > > Thank you, > >> > > > > Brian > >> > > > > > >> > > > > On Fri, Jul 25, 2014 at 12:12 PM, Emmanuel L=C3=A9charny < > >> > > elecharny@gmail.com > >> > > > > > >> > > > > wrote: > >> > > > > > >> > > > >> Le 25/07/2014 17:19, Brian Laskey a =C3=A9crit : > >> > > > >> > Actually, I solved the "Additional pre-authentication > required" > >> > > error > >> > > > by > >> > > > >> > Opening Configuration on my ApacheDS server with Directory > >> Studio, > >> > > on > >> > > > >> the > >> > > > >> > Kerberos Server tab, uncheck Require Pre-AuthenticationBy > >> > Encrypted > >> > > > >> > TimeStamp check box under Ticket Settings. > >> > > > >> > > >> > > > >> > > >> > > > >> > Now I receive a different error with kinit using the same > >> keytab > >> > and > >> > > > >> conf > >> > > > >> > file: > >> > > > >> > kinit: Server not found in Kerberos database while getting > >> initial > >> > > > >> > credentials > >> > > > >> > > >> > > > >> > > >> > > > >> > Should I create a principal krbtgt manually? > >> > > > >> > >> > > > >> I think so. > >> > > > >> > >> > > > >> Have you followed the tutorial on > >> > > > >> > >> > > > >> > >> > > > > >> > > > >> > > >> > http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.= html > >> > > > >> ? > >> > > > >> > >> > > > >> > >> > > > > > >> > > > > >> > > > >> > > > >> > > > >> > > -- > >> > > Kiran Ayyagari > >> > > http://keydap.com > >> > > > >> > > >> > >> > >> > >> -- > >> Kiran Ayyagari > >> http://keydap.com > >> > > > > > --=20 Kiran Ayyagari http://keydap.com --047d7bacc1e41fc96304ff0aacbc--