We've been busy. :) One minor but nice feature is that the debug messages are now indented, based on syntax. e.g. previously, for a nested "if" statement, we had: ... if .. if we now have: if (...) if (...) which is a bit easier to read. For people doing CoA, the "session-state" functionality has now been added to the "originate-coa" functionality. This lets you re-authorize a user, without checking passwords. See the following link for details: https://tools.ietf.org/html/rfc5176#section-3.2 When originating a CoA packet, you can do: update session-state { ... attributes ... } When the NAS sends an Access-Request, you can check it: if (Service-Type && (Service-Type == Authorize-Only)) { if (!session-state) { reject } ... re-authorize the user ... he's already authenticated! } That re-authorization was pretty much impossible before. It's now trivial. Alan DeKok.