|
| |
| Sun Java(TM) System Directory Server 5 2004Q2 �z��n | |
�� 7 ��
�z�ϥΪ̱b��M�K�X�ϥΪ̳s�u�� Directory Server �ɡA�t�η|���ҸӨϥΪ̡A�ؿ�|�ھ����Ҵv��ҫإߪ�����A�»P�ϥΪ̦s���v�Q�M�귽����C
�����y�z�ϥΪ̱b��z���u�@�A�]�A�t�m�ؿ�K�X�M�b����w�����A���αb��ΨϥΪ̸s�ըϨ�L�k�s��ؿ�A�H�ήھڨϥΪ̪��s�� DN ����ϥΪ̥i�Ϊ��t�θ귽�C
Directory Server �䴩�ӧO�K�X�����C�i�H�w�q���P���K�X�����A�����ƶq�����A�ñN�䤤��@�ӵ����M�Φb��w�ϥΪ̩ΨϥΪ̸s�աC�o�˥i�H��e���P�������ϥΪ̦s��ؿ�覡�C
�����]�t�U�C���`�G
�K�X���������w�����K�X������z�L�j����U�C�U���A��P�e��Q�q��K�X���p�����I���̧ܳC�G
Directory Server �䴩�ӧO�M����K�X�����C�ӧO�K�X�����Ѿ𪬥ؿ���n���ةw�q�A�Ӧ��n���ئA�Ѩ㦳�ӵ������ϥΪ̶��ذѦҡC�p�G�ϥΪ̶��ؤ��ѦҭӧO�����A�N�N cn=PasswordPolicy,cn=config ��������K�X�����M�ΦܸӨϥΪ̶��ؤW�C
�K�X�����ȮM�Ω� userPassword �ݩ� (�p�G�s�b��ϥΪ̶��ؤ�)�A�îھڦ��ݩʶi�����Үɱj���I�C�L�̵L�k�M�Φb�Ҧp SASL GSSAPI �� SSL ���ҵ���L���ҡC
�U�@�`����p����K�X�����A�H�Φp��N�o�ǵ�����ϥΪ̩M�s�աC�p�ݸԲӸ�T�A�аѾ\�mDirectory Server Deployment Planning Guide�n Chapter 7 �� "Designing Password Policies"�C
�t�m����K�X��������K�X�����A�Ω�ؿ�w�q�ӧO�������Ҧ��ϥΪ̡C��O����K�X���A�Ω�ؿ�z��C
�ϥΥD���x�t�m�K�X����
�Y�n�]�w�έק� Directory Server ������K�X�����G
- �b Directory Server Console �̤W�h�� [�պA] ���ҤW�A��� [���] �`�I�A�M����k���O�W�� [�K�X] ���ҡC
- �b [�K�X] ���ҤW�A�]�w�������U�C����G
- ��� [���]��ϥΪ̥����ܧ�K�X] �֨���A��w�ϥΪ̥����b�Ĥ@���n�J���ܧ�L�̪��K�X�C
�p�G���o�Ӯ֨���A�h�u���v�ؿ�z��i�H���]�ϥΪ̪��K�X�C�@���z�v�����ϥΪ̵L�k�j���ϥΪ̧�s�L�̪��K�X�C
- �Y�n���\�ϥΪ��ܧ�ۤv���K�X�A�п�� [�ϥΪ̥i�H�ܧ�K�X] �֨���C
- �Y�n����ϥΪ��ܧ�K�X���W�v�A�Цb [���\�b X �Ѥ��ܧ�] ��r����J�ѼơC�Y�n���\�ϥΪ̵�ݭn��N�ܧ�ۤv���K�X�A�п�� [�L����] �֨���C
- �Y�n����ϥΪ̤@�A���ƨϥΦP�@�ӱK�X�A�п�� [�O�d�K�X�O��] �֨���A�ë�w��A���� [�O�� X �K�X] ��r�����C�ӨϥΪ̫O�d���K�X�ƶq�C�u�n�K�X���s�b�M�椤�A�ϥΪ̴N�L�k�]�w�ӱK�X�C�����İ_���A�z�]3�ӭ���ϥΪ��ܧ�K�X���W�v�C
- �p�G���Ʊ�ϥΪ̱K�X�L�aA�п�� [�K�X�ä[����] ����s�C
- �_�h�A�п�� [�K�X�b X �����] ����s�A�j���ϥΪ̩w���ܧ�K�X�A�M���J�ϥΪ̱K�X�O��Ī��ѼơC
- �p�G�����K�X�|��aA�h�i�H�b [�b�K�X��ke X �Ѷǰeĵ�i] ��줤�A��w�b�K�X��ke�h�[���ǰeĵ�i���ϥΪ̡C
�ϥΪ̦���ĵ�i�ɡA�K�X�N�b���h�aC����� [�L�O�_�ǰeĵ�i�A���\���] �֨���A�i�����nɶ��A��ǰeĵ�i���@�q���㪺ĵ�i�v��Cĵ�i�M���qN�u�|�U�o�ͤ@���C�p�G�ϥΪ̦b�K�X��k�s���A�h���e���n�J�C
- �p�G�z�Ʊ��A���ˬd�ϥΪ̱K�X���y�k�A�H�T�w�ӱK�X�ŦX�K�X�����ҳ]�w���̤p�ݨD�A�п�� [�ˬd�K�X�y�k] �֨���C�M��A�b [�K�X�̤p���] ��r����w�K�X�i����̵u��סC
- �̹w�]�ȡA�ؿ�z��L�k���]�H�ϱK�X�������K�X�A�Ҧp���ƨϥΰO��K�X�C��� [���\�ؿ�z��L�K�X����] �֨���h�i���\���@�k�C
- �q [�K�X�[�K] �U�Ԧ��\��?�A��w�z�Ʊ��A���x�s�K�X�ɩҨϥΪ��[�K��k�C
- ��@�U [�b����w] ���ҡA�ÿ�� [�b�ᥲ����w] �֨���H�w�q�b����w�����G
- ��J�n�J���Ѧ��ƩM�n�J���Ѵv��A���ѥ����b�o�q�v��o�Ӧ��ƫ�~�|IJ����w�C
- ��� [�û���w] ����s�A����w�����ä[�ʡA����ؿ�z��]�ϥΪ̱K�X����C
- �_�h�A��� [��w����v�] ����s�A�ÿ�J�ϥΪ̱b��N�Ȯ���w�����|ơC
- �����K�X�������ܧ��A�Ы�@�U [�x�s]�C�N�ߧY�j����s������K�X�����C
�q��O��]�w�K�X����
����K�X������ cn=Password Policy,cn=config ���ت��ݩʩw�q�C�Шϥ� ldapmodify ���ε{���ܧ��ؤ������쵦���C
����K�X�������Ҧ��i���ݩʪ��w�q�A�аѾ\�mDirectory Server Administration Reference�nChapter 2 �� "cn=Password Policy"�C
�Ҧp�A�w�]���p�U�|��K�X�y�k�M����ˬd�A�ð��αb����w�C�ϥΤU�C��O�i�}�һy�k�ˬd�A�N�̵u��׳]�� 8�A�ñҥ� 5 ���j��Ȯɩ���w�A�b�s�� 5 ����~���K�X�xի�N�b����w�G
ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:cn=Password Policy,cn=config
changetype:modify
replace:passwordCheckSyntax
passwordCheckSyntax:on
-
replace:passwordMinLength
passwordMinLength: 8
-
replace:passwordLockout
passwordLockout:on
-
replace:passwordMaxFailure
passwordMaxFailure: 5
-
replace:passwordLockoutDuration
passwordLockoutDuration: 300
-
replace:passwordUnlock
passwordUnlock:on
�z�ӧO�K�X�����ӧO�K�X�����w�q��t passwordPolicy �������O�����n���ؤ��C�����i�w�q�b�𪬥ؿ����m�A��O�� DN ���榡�����O cn=policy name,subtree�C�ϥ� Directory Server Console �Ϋ�O�椽�ε{���w�q�K�X������A�b�ҭn���ϥΪ̶��ؤ��]�w passwordPolicySubentry �ݩʧY�i��K�X�����C
�b�o�@�`���A�ڭ��|�һ���𪬤l�ؿ�ڳ���b dc=example,dc=com �� Example.com ����{�ɭ�u���K�X�����C
�ϥΥD���x�w�q����
- �b Directory Server Console �̤W�h�� [�ؿ�] ���ҤW�A��ܭn�w�q�ӧO�K�X�������n���ت����ءC
- �H�ƹ��k���@�U���ءA�ÿ�� [�s�W] > [�K�X����]�C�Ϊ̡A�H�ƹ������@�U���إH���Ӷ��ءA�A�q [����] �\��?��� [�s�W] > [�K�X����]�C
��� [�K�X����] ���ت��ۭq�s�边�C
- �b [�@��] ��줤�A��J���������W�٩M��δy�z�C�o�ӦW�ٱN�����w�q���������n���ت� cn �R�W�ݩʭȡC
- ��@�U [�K�X] ���ҥH�]�w�������U�C���!G
- ��� [���]��ϥΪ̥����ܧ�K�X] �֨���A��w�ϥΪ̥����b�Ĥ@���n�J���ܧ�L�̪��K�X�C�p�G���o�Ӯ֨���A�h�u���v�ؿ�z��i�H���]�ϥΪ̪��K�X�C�@���z�v�����ϥΪ̵L�k�j���ϥΪ̧�s�L�̪��K�X�C
- �Y�n���\�ϥΪ��ܧ�ۤv���K�X�A�п�� [�ϥΪ̥i�H�ܧ�K�X] �֨���C
- �Y�n����ϥΪ��ܧ�K�X���W�v�A�Цb [���\�b X �Ѥ��ܧ�] ��r����J�ѼơC�Y�n���\�ϥΪ̵�ߦn��N�ܧ�ۤv���K�X�A�п�� [�L����] �֨���C
- �Y�n����ϥΪ̤@�A���ƨϥΦP�@�ӱK�X�A�п�� [�O�d�K�X�O��] �֨���A�ë�w��A�����C�ӨϥΪ̫O�d���K�X�ƶq�C�u�n�K�X���s�b�M�椤�A�ϥΪ̴N�L�k�]�w�ӱK�X�C�����İ_���A�z�]3�ӭ���ϥΪ��ܧ�K�X���W�v�C
- �p�G���Ʊ�ϥΪ̱K�X�L�aA�п�� [�K�X�ä[����] ����s�C
- �_�h�A�п�� [�K�X�b X �����] ����s�A�j���ϥΪ̩w���ܧ�K�X�A�M���J�ϥΪ̱K�X�O��Ī��ѼơC
- �p�G�����K�X�|��aA�h�i�H��w3�b�K�X��ke�h�[���ǰeĵ�i���ϥΪ̡C�Цb [�b�K�X��ke X �Ѷǰeĵ�i] ��r���A��J�n�b�K�X��ke3�ǰeĵ�i���ѼơC
�ϥΪ̦���ĵ�i�ɡA�K�X�N�b���h�aC����� [�L�O�_�ǰeĵ�i�A���\���] �֨���A�i�����nɶ��A��ǰeĵ�i���@�q���㪺ĵ�i�v��Cĵ�i�M���qN�u�|�U�o�ͤ@���C�p�G�ϥΪ̦b�K�X��k�s���A�h���e���n�J�C
- �p�G�z�Ʊ��A���ˬd�ϥΪ̱K�X���y�k�A�H�T�w�ӱK�X�ŦX�K�X�����ҳ]�w���̤p�ݨD�A�п�� [�ˬd�K�X�y�k] �֨���C�M��A�b [�K�X�̤p���] ��r����w�K�X�i����̵u��סC
- �̹w�]�ȡA�ؿ�z��L�k���]�H�ϱK�X�������K�X�A�Ҧp���ƨϥΰO��K�X�C��� [���\�ؿ�z��L�K�X����] �֨���h�i���\���@�k�C
- �q [�K�X�[�K] �U�Ԧ��\��?�A��w�z�Ʊ��A���x�s�K�X�ɩҨϥΪ��[�K��k�C
- ��@�U [��w] ���ҡA�ÿ�� [�b�ᥲ����w] �֨���H�w�q�b����w�����G
- ��J�n�J���Ѧ��ƩM�n�J���Ѵv��A���ѥ����b�o�q�v��o�Ӧ��ƫ�~�|IJ����w�C
- ��� [�û���w] ����s�A����w�����ä[�ʡA����ؿ�z��]�ϥΪ̱K�X����C
- �_�h�A��� [��w����v�] ����s�A�ÿ�J�ϥΪ̱b��N�Ȯ���w�����|ơC
- �b�ۭq�s�边����@�U [�T�w] �H�x�s�����A�ëإߨ䦸�n���ءC
�q��O��w�q����
��K�X�����A�Q���z�Ʊ��{�ɭ�u���K�X�b 100 �� (8,640,000 ��) ���aA�ӥB�q�K�X��ke 3 �� (259,200 ��) �_�A�|�b�ϥΪ̳s���ɶǦ^���ĵ�i�C�}�һy�k�ˬd�H�j���K�X�w���ʶi��̰��ˬd�A�ñj����w�H����J�I�̥�ϳz�L�r�妡��;�}�ѱK�X�C�ܩ�����L����A�h�M�ιw�]�ȡC
�b dc=example,dc=com �U�[�J�U�C���n���ءA�ǥH�b example.com �𪬤l�ؿ�w�q���K�X�����G
ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:cn=TempPolicy,dc=example,dc=com
objectClass:top
objectClass:passwordPolicy
objectClass:LDAPsubentry
cn:TempPolicy
passwordStorageScheme:SSHA
passwordChange:on
passwordMustChange:on
passwordCheckSyntax:on
passwordExp:on
passwordMinLength: 6
passwordMaxAge: 8640000
passwordMinAge: 0
passwordWarning: 259200
passwordInHistory: 6
passwordLockout:on
passwordMaxFailure: 3
passwordUnlock:on
passwordLockoutDuration: 3600
passwordResetFailureCount: 600����K�X�������Ҧ��i���ݩʪ��w�q�A�аѾ\�mDirectory Server Administration Reference�nChapter 2 �� "cn=Password Policy"�C
��w�K�X����
��ӧO�K�X�����]�A��V�A�?�������n���ءC�i�H�N�����[�J��@���ؤ��@�� passwordPolicySubentry ���ȡA�Ϊ̥i�� CoS �M����Ӻz�����C�z�]�����]�w�s���A�H����ϥΪ̭ק�M�Φb�ϥΪ̤W���K�X�����C
�ϥΥD���x
Directory Server �D���x���ѤF�����A�i�Ω�z��ϥΪ̩θs�ժ��K�X�����G
- �b Directory Server Console �̤W�h�� [�ؿ�] ���ҤW�A��ܭn��έק�ӧO�K�X�������ϥΪ̶��ةθs�ն��ءC
- �H�ƹ��k���@�U���ءA�ÿ�����\��?�� [�]�w�K�X����]�C�Ϊ̡A�b���ؤW��@�U�ƹ�����H���ءA�M���� [����] �\��?�� [�]�w�K�X����]�C
- [�K�X����] ��ܤ��i�D�z�����ؾA�έ��ӱK�X�����G
- �p�G�A�Υ��쵦���A�Ы�@�U [��] ��ܾ𪬥ؿ����m���K�X�������n���ءC
- �p�G�w�w�q�ӧO�����A�h�i��N�B�����νs��ӵ����C��@�U [�s�赦��] �N�Ұʫ�W���������n���ت��ۭq�s�边�C
��Ψ�N�K�X�����N�Ұʥؿ��s���ܤ��A�b���B�i�H�����ܤp�_�ϥܪ��K�X�������n���ءC
- �p�G�w�ܧ��A�Цb [�K�X����] ��ܤ���@�U [�T�w]�C�s�����N�ߧY�ͮġC
�q��O��
�Y�n�N�K�X������ϥΪ̶��ةθs�ն��ءA�бN�K�X������ DN �[�J���� passwordPolicySubentry �ݩʪ��ȡC�Ҧp�A�U�C��O�N�� cn=TempPolicy,dc=example,dc=com �� Barbara Jensen�G
ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:uid=bjensen,ou=People,dc=example,dc=com
changetype:modify
add:passwordPolicySubentry
passwordPolicySubentry:cn=TempPolicy,dc=example,dc=com�ϥΨ���M CoS
�N�ϥΪ̨̨���2ծɡA�i�H�ϥ� CoS �H��V�A�?�������n���ءC�p�ݨϥΨ���M CoS ���ԲӸ�T�A�аѾ\�� 5 ���u�z����M����v�C
�|�Ҩӻ��A�U�C��O�|�� Example.com ���{�ɭ�u�إ߿z�諸����A�ë� cn=TempPolicy,dc=example,dc=com ���֦��Ө��⪺��u�G
ldapmodify -a -h host -p port -D "cn=Directory Manager" -w password
dn:cn=TempFilter,ou=people,dc=example,dc=com
objectclass:top
objectclass:LDAPsubentry
objectclass:nsRoleDefinition
objectclass:nsComplexRoleDefinition
objectclass:nsFilteredRoleDefinition
cn:TempFilter
nsRoleFilter:(&(objectclass=person)(status=contractor))
description:filtered role for temporary employees
dn:cn=PolTempl,dc=example,dc=com
objectclass:top
objectclass:nsContainer
dn:cn="cn=TempFilter,ou=people,dc=example,dc=com",
cn=PolTempl,dc=example,dc=com
objectclass:top
objectclass:extensibleObject
objectclass:LDAPsubentry
objectclass:costemplate
cosPriority: 1
passwordPolicySubentry:cn=TempPolicy,dc=example,dc=com
dn:cn=PolCoS,dc=example,dc=com
objectclass:top
objectclass:LDAPsubentry
objectclass:cosSuperDefinition
objectclass:cosClassicDefinition
cosTemplateDN:cn=PolTempl,dc=example,dc=com
cosSpecifier:nsRole
cosAttribute:passwordPolicySubentry operational�㦳 contractor ���A���ϥΪ̲{�b�ܦ�����u cn=TempPolicy,dc=example,dc=com �K�X�����C
�O�@�ӧO�K�X����
�Y�n����ϥΪ̭ק�ҮM�Ϊ��K�X�����A�z�]�����b�ڶ��إ[�J����H�U�� ACI�G
ldapmodify -h host-p port -D "cn=Directory Manager" -w password
dn:dc=example,dc=com
changetype:modify
add:aci
aci:(targetattr != "passwordPolicySubentry")(version 3.0; acl
"Allow self modification except for passwordPolicySubentry";
allow (write) (userdn ="ldap:///self");)
���]�ϥΪ̱K�X�ؿ�N�K�X���x�s�b�ϥΪ̶��ت� userPassword �ݩʤ��C�ھڦ�A�����b�ᱱ��]�w�ȡA�ϥΪ̥i�H�̷ӱz��w���K�X�����A�ϥμзǤu��ӳ]�w userPassword�A�Ҧp ldapmodify�C
�p�G�o�ͥä[���b����w (�b�K�X�������A�ϥΪ̾ާ@�ݩ� accountUnlockTime �� 0�A�B passwordUnlock �� off)�A�h�i�N�K�X���]���ؿ�z��H�Ѱ��ϥΪ̱b�᪺��w�C�Ҧp�A���] Example.com �ؿ�ϥΪ� Barbara Jensen �]���ѰO�S�@�A�q��K�X�A�ӳQ�ä[��w�G
ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:uid=bjensen,ou=People,dc=example,dc=com
changetype:modify
replace:userPassword
userPassword:ChAnGeMe�p�G�K�X�������� passwordMustChange �� on�ABarbara �b�U�@���s���ᥲ���ܧ�K�X�C�O�o�i�D�o�A�z�w�g�N�K�X�令 ChAnGeMe (�̦n�O�z�L�w�����D)�C
���λP�ҥΨϥΪ̻P�����i�H�Ȯɦa���γ�@�ϥΪ̱b��Τ@�ձb��C�@�����Ϋ�A�ӨϥΪ̫K�L�k�s���ܥؿ�C���ҧ@�~�N�|���ѡC
���`�����{�ǥi�ΨӥH�ۦP�覡���ΨϥΪ̩M����C�M�ӷ�z���Ψ���ɡA���Ϊ��O���⪺����A�Ӥ��O���ⶵ�إ����C�p����⪺�@���T�A�H�Ψ���p��P�s���ʪ��S���T�A�аѾ\�� 5 ���u�z����M����v�C
�ϥΥD���x�]�w�ϥΪ̻P����ҥ�
- �b Directory Server Console �̤W�h�� [�ؿ�] ���ҤW�A�s��𪬥ؿ�A�H��ܭn���Ωέ��s�ҥΪ��ϥΪ̶��ةΨ��ⶵ�ءC
- �s���U���إH��ܦۭq�s�边�A�A��@�U���椤�� [�b��] ���ҡC
�k���O����ܶ��ت��ҥΪ��A�C
- ��@�U��s�H���ΩαҥλP�����ع�3���ϥΪ̩Ψ���C�s�边���ϥΪ̩Ψ���ϥܤW�|��ܤ@�Ӭ����A�æ��@����L�A��ܶ��اY�N���ΡC
- ��@�U [�T�w] ���ܤ��A�x�s���طs���ҥΪ��A�C
�}�Ҧۭq�s�边���@�ӱ��|�A�u�n���ءA�A�q [����] �\��?��� [�ҥ�] �� [����] �Y�i�C
�i�H�q [�D���x] �� [�˵�] > [���] �\��?��� [���Ϊ��A]�A�Y�i�˵���ؿ�ҥΪ��A�C�M��A�Ҧ����ζ��ت��ϥܴN�|��ܦ�������L�C���רϥΪ̶��جO�������ΡA�άO�z�L���⦨����Y���ΡA���|��ܨϥΪ̶��إ��T���ҥΪ��A�C
�q��O��]�w�ϥΪ̻P����ҥ�
�Y�n���ΨϥΪ̱b��Ψ��⪺����A�Шϥ� directoryserver account-inactivate ��O�C�Y�n�Ұʩΰ���ϥΪ̩Ψ���A�Шϥ� directoryserver account-activate ��O�G
�U�C��O��ܦp��ϥγo�ǫ�O���ΦA���s�ҥ� Barbara Jensen ���ϥΪ̱b��G
/usr/sbin/directoryserver account-inactivate -h host -p port -D "cn=Directory\
Manager" -w password -I "uid=bjensen,ou=People,dc=example,dc=com"/usr/sbin/directoryserver account-activate -h host -p port -D "cn=Directory\
Manager" -w password -I "uid=bjensen,ou=People,dc=example,dc=com"�b�o��ի�O���A-I �ﶵ��w�n�]�w�ҥΪ��A���ϥΪ̩Ψ��⪺ DN�C
�p�ݸԲӸ�T�A�аѾ\�mDirectory Server Administration Reference�nChapter 1 "account-activate" �M "account-inactivate"�C
�]�w�ӧO�귽�����i�H�ϥλP�ؿ�s�����Τ��3�ε{���W���S��ާ@�ݩʭȡA����j�M�@�~����A������C�i�H�]�w�U�C�j�M�@�~����G
�z��S�w�ϥΪ̳]�w���귽����A���u��ǰ���z�b�����A���պA���ҳ]�w���w�]�귽����C�z3�ӽT�{�x�s�ӧO�귽����ݩʨ��O�@�A���|�Q�]�t�ϥΪ̶��ت��=X�W���U�C ACI �ۧڭק�G
(targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
�ϥΥD���x�]�w�귽����
�q��O��]�w�귽����
�ϥ� ldapmodify ��O�i�H�b�ϥΪ̶��ؤW�]�w�U�C�ݩʡA�H����ӨϥΪ̪��귽�ϥα��ΡG
�Ҧp�A�i�H�̤U�C�覡��� ldapmodify �H�]�w���ت��j�p����G
ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn:uid=bjensen,ou=People,dc=example,dc=com
changetype:modify
add:nsSizeLimit
nsSizeLimit: 500ldapmodify ���z���N nsSizeLimit �ݩʥ[�J Barbara Jensen �����ؤ��A�ñN��j�M�Ǧ^���j�p��� 500 �Ӷ��ءC