>And why use :=? Not == (more secure)? > Because Cleartext-Password is an internal server attribute that doesn't exist in the request. You are "telling" the server what's the password, not comparing it with something that is in the request. Ivan Kalik Kalik Informatika ISP