Hi All, My company runs an application that hashes/encrypts user passwords in a central postgres DB. I have a bash script that can be run remotely to check a username and password against it: ./script.sh <user> <plaintext_pass> The end goal is to store the username and encrypted password on the local FR postgres DB, but always/only check the password against the central DB. This will account for any password/permissions changes that occur on the application DB. My fear is that I will not be able to use EAP or CHAP (and their various sub-types) because of client-side password hashing. It seems that PAP will be the only usable solution because it would still provide the server with a plaintext password to be passed into the script. But I run into security issues with PAP. Does anyone know of a proper method that would allow me to check all user credentials against the external DB while still remaining secure throughout the entire process? Thanks in advance, David -- David Teston PINES System Administrator