Hi, > What would be the best way to handle user passwords in this scenario? > What I'm trying to achieve is a safe password storage/management, > i.e. if the userdb gets stolen. Clearly cleartext password and NT > hash are not sufficient in this situation. use certs instead for the authentication? alan