Hi, > Is this possible? yes, *if* the password is provided by the client - many types of auth dont provide a password in the clear (ie in the User-Password attribute.) but putting a password to disk at any time is bad practice...... alan