[squid-users] Squid-cache clustering
Hi all, I just want to know if theres other way to cluster 2 or more Squid-cache/proxy? My idea of clustering 2 or more proxy is by using a layer 7 switch, define a common IP on the switch that will simoultaneously checks multiple proxy server. Any Idea is welcome and highly appreciated. Thank you very much Wennie
Re: [squid-users] Squid-cache clustering
You could try using ipvsadm SOL Quoting [EMAIL PROTECTED]: Hi all, I just want to know if theres other way to cluster 2 or more Squid-cache/proxy? My idea of clustering 2 or more proxy is by using a layer 7 switch, define a common IP on the switch that will simoultaneously checks multiple proxy server. Any Idea is welcome and highly appreciated. Thank you very much Wennie
Re: [squid-users] squid and blank/empty passwords?
tor 2006-04-06 klockan 19:29 -0400 skrev Scott Ehrlich: On Thu, 6 Apr 2006, Henrik Nordstrom wrote: You will need to change the source somewhat. Both Squid and ncsa_auth denies blank passwords without even looking into the password file. The attached patch should fix this for ncsa_auth. Make sure to read squid.conf.default after applying the patch as it adds a new auth_param basic option for enabling blank passwords. Would the answer change if I didn't care about using htpasswd? My goal is to create usernames with blank/no passwords for squid to use. Do I need to patch squid to make this happen, regardless of method (htpasswd, etc)? The patch I sent includes the needed changes to Squid and ncsa_auth. The changes to Squid is generic and independent of which basic authentication backend you are using and required to make Squid consider blank passwords possible. Without these changes Squid always rejects blank passwords even if supported by you authentication backend. The ncsa_auth changes is specific to ncsa_auth allowing it to process blank password queries sent by Squid, but other basic auth helpers may need similar changes as the ncsa_auth as most are based on the same basic request processing/parsing loop as ncsa_auth.. I have not looked in detail at how other basic auth helpers handles this. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] use samba to solve missing passwd pop-up problem caused by NTLM
tor 2006-04-06 klockan 14:20 -0300 skrev Isnard Delacoste Jaquet Junior: does that mean ntlm, or transparent authentication, can't be implemented using a samba pdc? ofcourse it can. A Samba PDC implements a Windows domain and is a Windows domain controller. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid crash, what happened?
Nick, Try editting smb.conf and setting multiple password servers: i.e.: password server = 10.0.0.152, 10.0.0.34, 10.0.0.32 - Original Message - From: Nick Duda [EMAIL PROTECTED] To: Henrik Nordstrom [EMAIL PROTECTED] Cc: squid-users@squid-cache.org Sent: Thursday, April 06, 2006 10:57 AM Subject: RE: [squid-users] Squid crash, what happened? I confirmed that the DC failed (was offline). How can I configure squid/winbind to try another DC or load balance what DC it uses? I have 2 DC's (that also run DNS on them) in the site in question. - Nick -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, April 06, 2006 8:58 AM To: Nick Duda Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Squid crash, what happened? tor 2006-04-06 klockan 08:10 -0400 skrev Nick Duda: This morning I got my alert and restarted and it worked fine. It appears it could not find a domain control or as the log states a DNS server. I cant see why, I have no record of it being down. Can anyone make light of this situation, or is it safe to assume that squid just couldn't see a DC/DNS and gave up. Seems it lost contact with both the Windows DC and your DNS. This smells like a networking problem. Was there anything relevant in /var/log/messages besides the messages from Squid? Regards Henrik - Confidentiality note The information in this email and any attachment may contain confidential and proprietary information of VistaPrint and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express permission is strictly prohibited and may cause liability. In case you have received this message due to an error in transmission, please notify the sender immediately and to delete this email and any attachment from your system. -
Re: [squid-users] Squid crash, what happened?
fre 2006-04-07 klockan 07:27 -0300 skrev Rodrigo A B Freire: Nick, Try editting smb.conf and setting multiple password servers: i.e.: password server = 10.0.0.152, 10.0.0.34, 10.0.0.32 Actually the reverse applies. Once joined the domain there should not be any password servers specified. winbindd finds this information automatically using NBT, WINS or DNS name lookups depending on the environment.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Problems with SSL Reverse Proxy and OpenCA Integration
hi all, have no one any hint or idea ?!? - laurent . derrien / Henrik Nordstrom kind regards, padu Am Mittwoch, den 05.04.2006, 13:33 +0200 schrieb H.Padukience: Hi, we planed to use squid 3.0(-PRE3-20060221) as an SSL Reverse Proxy to Microsoft IIS with OpenCA Integration. our (test) system environment looks as follows: OS: SuSE Enterprise 9 SP3 Squid-Version: 3.0-PRE3-20060221 Squid-Options: --prefix=/usr/local/squid3 --enable-ssl Squid-Start-Options: /pathto/squid -sNd5Cf /pathto/etc/squid.conf SSL: openssl-0.9.7d-15.21 Client-Browser: Microsoft Internet Explorer Version 5,6 We only want to accept connections depending on client certificate validation (from OpenCA). Here are the main lines for CA-Integration in squid: --squid.conf--snip-- https_port 443 cert=/pathto/server.cert key=/pathto/server.key version=1 defaultsite=testserver clientca=/pathto/cacert.pem protocol=http --snap-- After starting IE and select from POPUP-Window our installed client certificate (user-certificate), the connection stops with errors: --snip-- 2006/04/05 14:51:08.035| clientNegotiateSSL: Error negotiating SSL connection on FD 11: Aborted by client 2006/04/05 14:51:13| clientNegotiateSSL: Error negotiating SSL connection on FD 11: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate (1/-1) 2006/04/05 14:52:47.747| clientNegotiateSSL: Error negotiating SSL connection on FD 11: Aborted by client 2006/04/05 14:52:54| SSL unknown certificate error 20 in /C=DE/O=/OU=Internet/CN=padu/serialNumber=99 2006/04/05 14:52:54| clientNegotiateSSL: Error negotiating SSL connection on FD 11: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned (1/-1) 2006/04/05 14:52:54| SSL unknown certificate error 20 in /C=DE/O=/OU=Internet/CN=padu/serialNumber=99 --snap-- Can you please give me a hint how to force (any) clients to authenticate with certificates? -- Freundliche Gruesse aus Nuernberg, Holger Padukience mailto: [EMAIL PROTECTED] mobil: +49 170 9969293
Re: [squid-users] HTTP Near Miss Service Time
fre 2006-04-07 klockan 10:10 +0600 skrev Sergey Velikanov: What HTTP Near Miss Service Time (cacheHttpNmSvcTime) param meas? I understand your question.. had to look into the source myself. The Near Miss service time is the service time of TCP_IMS_HIT requests. This is successful cache validations sent to your cache, served directly out of the cache. The Near Hit is the service time of TCP_REFRESH_HIT requests which is successful cache revalidations sent by your Squid to the origin server or it's peers. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] how delay pools work ?
hello, if i have internet connection 1 mbps. and i set delay pool in squid, if someone download mp3 file, the speed is limit to 128 kbps. i want to know the speed that use by squid to download from origin server is 128 kbps ? or full speed (up to 1mbps) ? regards, adi
Re: [squid-users] how delay pools work ?
hello, if i have internet connection 1 mbps. and i set delay pool in squid, if someone download mp3 file, the speed is limit to 128 kbps. i want to know the speed that use by squid to download from origin server is 128 kbps ? or full speed (up to 1mbps) ? http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8 M.
[squid-users] Squid settings and Option Question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My College has a T-1 line that is maxed out most of the time. They also have some wireless lines connected to 1MB DSL lines and a new Cable Line that is setup at 4.2MB. I have a Fedora Core 4 machine setup with the Advnced Linux routing to connect the Cable and Wireless to the machine as default routes with equal weighting. My test lab is set to use this machine as the proxy, and I can see the load accessing both the wlan0 and the eth, so that is working. The access for regular pages seems slower, but accessing files that get in the cache seems excellent. Wondering if something in the options might be causing the problem. Non Comment lines from the squid.conf hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY maximum_object_size 32768 KB maximum_object_size_in_memory 128 KB cache_dir ufs /var/spool/squid 1 16 256 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 202.128.71.0/24 202.128.72.0/24 202.128.73.0/24 202.128.79.0/24 192.168.201.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 192.168.6.0/24 192.168.7.0/24 192.168.8.0/24 202.131.0.0/16 http_access allow our_networks http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all coredump_dir /var/spool/squid The squid -v is the default for the Fedora Core 4. Squid Cache: Version 2.5.STABLE13 configure options: --build=i386-redhat-linux --host=i386-redhat-linux -- target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr --exec- prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc -- datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib -- libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man -- infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin -- libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --enable- poll --enable-snmp --enable-removal-policies=heap,lru --enable- storeio=aufs,coss, diskd,null,ufs --enable-ssl --with-openssl=/usr/kerberos --enable-delay-pools - --enable-linux-netfilter --with-pthreads --enable-ntlm-auth- helpers=SMB,winbind --enable-external-acl- helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group -- enable-auth=basic,ntlm --with-winbind-auth-challenge --enable-useragent-log --enable-referer-log --disable-dependency-tracking - - -enable-cachemgr-hostname=localhost --disable-ident-lookups --enable- truncate --enable-underscores --datadir=/usr/share --enable-basic-auth- helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain- NTLM,SASL,winbind On another machine I downloaded the latest squid source, and built it with the above options, but changing the poll and select to disable and epoll enabled as was recommended in another message. The compile seemed to work fine, but after doing the make install it had problems running. So, something seemed different in the config. So, it appears other changes, since it was trying to access squid.conf in chroot instead of /etc/squid/squid.conf. Thanks. +--+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.guam.net/home/mikes Guam - Where America's Day Begins +--+ http://setiathome.berkeley.edu Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489) BOINC [EMAIL PROTECTED] Total Credits 672424.413298 -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 -- QDPGP 2.61c Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBRDX4EizGQcr/2AKZEQJqPwCgo8TytbaLg7lYEHc/h8Z4iHFJJmUAoL6S VSWnk38kQpVFL9odegBmZ7yH =qbkE -END PGP SIGNATURE-
Re: [squid-users] Squid settings and Option Question
My College has a T-1 line that is maxed out most of the time. They also have some wireless lines connected to 1MB DSL lines and a new Cable Line that is setup at 4.2MB. I have a Fedora Core 4 machine setup with the Advnced Linux routing to connect the Cable and Wireless to the machine as default routes with equal weighting. My test lab is set to use this machine as the proxy, and I can see the load accessing both the wlan0 and the eth, so that is working. ... - One, of the problems, I personally feel, is that the Redhat RPM builds come with all SQUID options enabled, during configure. This leads to a heavier exe and 'carried code' which isn't used. I always recomment to fetch the latest STABLE release and make a build (configure) with those configure options which you need and none other. This can also help in performance terms. M.
[squid-users] information needed
greetings i have just been given a task that may require squid. looking for your comments and suggestions on the best way to pursue this. users access a web page which provides them a link to an internal web server what i would like is to have squid Authenticate that user against either an Active directory or LDAP directory and fetch the web page for them. So only the squid server will speak to the internal site. I know it probably sounds simple enough, i need to do some reading and testing. Can someone point me in the right direction? Thanks --jeff
Re: [squid-users] Squid-cache clustering
I am curious about a related question: In reverse proxy scenarios, what are the options for load balancing cache misses among several origin server replicas? 1) Of course one could use a hardware load balancer in between squid and the origin servers. 2) It is my understanding that if DNS returns more than one address for a hostname, Squid can be configured to perform round-robin selection of an origin server. Are there any caveats to be aware of when persistent connections are used between squid and the origin servers? 3) It seems like the Redirector API could be used as a hook to do this kind of load balancing also, offering a convenient place to code custom health checks. Are there any other options? -Ben [EMAIL PROTECTED] wrote: Hi all, I just want to know if theres other way to cluster 2 or more Squid-cache/proxy? My idea of clustering 2 or more proxy is by using a layer 7 switch, define a common IP on the switch that will simoultaneously checks multiple proxy server. Any Idea is welcome and highly appreciated. Thank you very much Wennie
[squid-users] Delay Pools
Hi I am running Squid as a transparent Proxy and it all seems to work Ok. I am now trying to limit the bandwidth usage of certain users and I am using the example in 19.8 to limit a single user to 128 Kbps. Is there a option on the debug_options that I can enable so that I can see if it is actually working. Or is there another way to test. Thanks for the help
[squid-users] Squid, radius, invalid user auth problem
Hi, I'm having a problem with a Squid 2.5.stable3 installation using squid_radius_auth and a Websense redirector on Red Hat ES r3. At times you get out even with invalid username and/or password. When makes this more fun is that it's intermittent, so I don't think it's a basic acl problem. Squid is not my strong point, so I'd appreciate any advice on how to troubleshoot this. (Of course, I've inherited the Squid box as part of my new job, and this issue has just raised its ugly head. Here I've left it alone for a few weeks thinking Oh, it's Squid, it's working, I'll investigate it later, and now everyone's screaming.) If you enter a valid username and a password you get Internet access, as you would expect. If you enter an invalid username and an invalid password, you might get Internet access. It appears that the longer Squid is running, the greater chance you have of getting that access. If you enter a valid username and an invalid password, you get asked for a correct password. Three tries later, it kicks you out. Then hit refresh, enter your invalid password, and you *might* get out. Maybe not. It seems that if you refresh often enough and have a bit of patience, eventually you'll get out. I've checked the radius server with squid_rad_auth -f squid_rad_auth.conf and gotten the proper ERR and OK messages no matter what combination of username/password I try. We have 30 children for squid_rad_auth, but increasing it to 60 didn't help. Running with debug_options ALL,9 generates a lot of cache info messages, but grepping for my bogus username gives me stuff like: 2006/04/07 14:10:30| helperSubmit: blahuser_t euhtansoeuhtnsaoeu 2006/04/07 14:10:30| authenticateBasicDecodeAuth: cleartext = 'blahuser_t:euhtansoeuhtnsaoeu' 2006/04/07 14:10:30| authBasicAuthUserFindUsername: Looking for user 'blahuser_t' 2006/04/07 14:10:30| authBasicDecodeAuth: Found user 'blahuser_t' in the user cache as '0xa4f29e8' 2006/04/07 14:10:30| authenticateStart: 'blahuser_t:euhtansoeuhtnsaoeu' 2006/04/07 14:10:30| helperSubmit: blahuser_t euhtansoeuhtnsaoeu For the above two I get prompted again, but asking again got me in with: 2006/04/07 14:10:34| authenticateBasicDecodeAuth: cleartext = 'blahuser_t:88' 2006/04/07 14:10:34| authBasicAuthUserFindUsername: Looking for user 'blahuser_t' 2006/04/07 14:10:34| authBasicDecodeAuth: Found user 'blahuser_t' in the user cache as '0xa4f29e8' 2006/04/07 14:10:34| authenticateStart: 'blahuser_t:88' 2006/04/07 14:10:34| helperSubmit: blahuser_t 88 2006/04/07 14:10:34| aclMatchUser: user is blahuser_t, case_insensitive is 0 2006/04/07 14:10:34| helperSubmit: http://slashdot.org/ 10.184.184.193/- blahuser_t GET Any suggestions would be most appreciated. Thanks, ==ml -- Michael W. Lucas[EMAIL PROTECTED], [EMAIL PROTECTED] http://www.BlackHelicopters.org/~mwlucas/ The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur
Re: [squid-users] Squid DNS problem
tor 2006-04-06 klockan 16:47 +0100 skrev Paul Collen: story. Is there a way to tell Squid to bypass local addresses or maybe manually set the DNS server it uses for lookups please? Yes. see squid.conf.default for instructions. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid, radius, invalid user auth problem
Hi, I'm having a problem with a Squid 2.5.stable3 installation using squid_radius_auth and a Websense redirector on Red Hat ES r3. At times you get out even with invalid username and/or password. When makes this more fun is that it's intermittent, so I don't think it's a basic acl problem. - Please upgrade to the latest STABLE release, verify your issue afterwards. M.
Re: [squid-users] two link and one gateway
fre 2006-04-07 klockan 00:28 +0200 skrev Mark Elsen: - Check whether the address specified corresponds to that of the interface address and it's current value, especially and also in terms of address part and subnet mask. And also don't forget to set up proper policy routing to send the correct traffic out to the correct provider. Just having the source IP set by tcp_outgoing_address is not entirely sufficient as routing normally does not care about source addresses and will still route the traffic out your primary default route (which should be the static one..) Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] information needed
greetings i have just been given a task that may require squid. looking for your comments and suggestions on the best way to pursue this. users access a web page which provides them a link to an internal web server what i would like is to have squid Authenticate that user against either an Active directory or LDAP directory and fetch the web page for them. So only the squid server will speak to the internal site. I know it probably sounds simple enough, i need to do some reading and testing. Can someone point me in the right direction? Thanks - The FAQ on access controls and authentication is a good place to start; as far as LDAP is concerned, if I remember correctly it has a man page in the .../src/helpers/_some_ldap_dir , sorry that I can't be more precise at the moment. M.
Re: [squid-users] Squid-cache clustering
fre 2006-04-07 klockan 11:25 +0300 skrev [EMAIL PROTECTED]: Hi all, I just want to know if theres other way to cluster 2 or more Squid-cache/proxy? Yes, in a number of different ways. In principle a proxy is just a server like any with the big difference that there is no unique data except for the config file which needs to be shared among the members of the cluster, so it's about the simplest service you can find to cluster.. Possible methods: - Layer 7 load balancers - Normal clustering using virtual IP addresses and software within the cluster monitoring the state of other nodes and taking over IP addresses when needed, and having clients distributed among these addresses using external configuration (proxy.pac, manual config etc..) - Client-side load balancing using proxy.pac scripts. - round-robin DNS based load balancing and probably a few additional methods as well.. If you use authentication then there is a few additional things to consider: - Basic authentication is per proxy name, so proxy.pac based load balancing may be a bit annoying unless the users is kept on the same proxy during his whole session - NTLM/Kerberos and to some extent digest authentication is a bit picky about the server identity so layer 7 load balancing may not be the best there (easily confuses clients unless the setup is carefully done). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid-cache clustering
fre 2006-04-07 klockan 09:53 -0700 skrev Ben Drees: I am curious about a related question: In reverse proxy scenarios, what are the options for load balancing cache misses among several origin server replicas? I would make each origin a peer to Squid, allowing Squid to use round-robin etc for balancing the load.. Just remember to set the connect timeout fairly short for better failover performance. 2) It is my understanding that if DNS returns more than one address for a hostname, Squid can be configured to perform round-robin selection of an origin server. Are there any caveats to be aware of when persistent connections are used between squid and the origin servers? Yes, and it does by default. The problem is if/when there is a problem with one server, it may then become very hard to make Squid use that server again.. 3) It seems like the Redirector API could be used as a hook to do this kind of load balancing also, offering a convenient place to code custom health checks. I would avoid this if possible. Redirectors is quite resource demanding, and it's tricky to get the setup correct when rewriting the URLs while proxied... (cache gets split, backends may get confused about the actual requested domain etc..) Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] Rewrite original IPs
Hi to all, Is it possible squid to rewrite original IP of client computer instead of putting IP of squid host . Thanks in Advance
Re: [squid-users] Squid, radius, invalid user auth problem
fre 2006-04-07 klockan 14:49 -0400 skrev Michael W. Lucas: 2006/04/07 14:10:34| helperSubmit: blahuser_t 88 2006/04/07 14:10:34| aclMatchUser: user is blahuser_t, case_insensitive is 0 2006/04/07 14:10:34| helperSubmit: http://slashdot.org/ 10.184.184.193/- blahuser_t GET The interesting part is what is going on between the first two lines above.. Squid queried the auth helper, but what response did it get? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Setting up the poly graph test for squid
tor 2006-03-30 klockan 11:32 -0800 skrev Balu: But while starting the polyclient with the command 000.06| fyi: no real host addresses for Robot side specified; will not attempt to create agent addresses 000.07| created 0 agents total bin/polyclt: no Robot matches local interface the station where you run attempted to run policlnt does not have any configued IP addresses matching your test profile... Please follow the instructions how-tos for the workload you selected carefully. They contain fairly detailed instructions on every detail you need to think of.. http://www.web-polygraph.org/docs/workloads/ http://www.measurement-factory.com/docs/ Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid, radius, invalid user auth problem
On Fri, Apr 07, 2006 at 11:49:48PM +0200, Henrik Nordstrom wrote: fre 2006-04-07 klockan 14:49 -0400 skrev Michael W. Lucas: 2006/04/07 14:10:34| helperSubmit: blahuser_t 88 2006/04/07 14:10:34| aclMatchUser: user is blahuser_t, case_insensitive is 0 2006/04/07 14:10:34| helperSubmit: http://slashdot.org/ 10.184.184.193/- blahuser_t GET The interesting part is what is going on between the first two lines above.. Squid queried the auth helper, but what response did it get? Unfortunately, that's all that's in the log. I'm on squid_radius_auth 1.07, and couldn't find any logging options for it. I'll be upgrading to the latest 2.5 this weekend, we'll see what happens. ==ml -- Michael W. Lucas[EMAIL PROTECTED], [EMAIL PROTECTED] http://www.BlackHelicopters.org/~mwlucas/ The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur pgprykyqNYOPK.pgp Description: PGP signature