Andre Schubert writes:

... direct access to authentication credentials ... You cannot ask Zope about the user identity because it does not visit the authenticating user folder in the described case.

If you use basic authentication (the Zope default), then you can read "REQUEST._auth" to get the AUTHENTICATION header content which in turn tells you the user (after base64 decoding). The leading "_" tells you that there is no way to access it from DTML or Python Script. You will need an external method. If you use cookie authentication, you can look at the cookie. It may show the username in a readable form. Dieter