I have painted myself into a nifty corner. My client's site is protected at the root by an acl folder. Those who are not in the acl folder have view privileges only. This works fine. I just added a new feature to my client's site. He wants this capability available to anyone to whom he gives a specific password. I wrote a Python script that generates the password and a page for my client to auto-generate a new random password and to see what the current password is. This works fine as well. The problem is, since I'm not even asking people for a user name here, only a password, and since the site is protected from access via the acl folder, his clients can't get past the password screen because the acl logic presents a challenge for a user name and password which, of course, these folks don't have. It occurred to me at one point that I could define an acl user called, e.g., "client" and then perhaps revise the Python script so that instead of storing the newly generated password in a DTML document, it would update the password property for that user in the acl folder. But it wasn't very obvious to me how to do that. And while I don't *mind* having them have to type in a generic user name, it's more elegant if they don't have to do so. What's the easiest way to address this issue? I looked through a year's worth of email digests and I searched zope.org, but I couldn't find an answer. Thanks.