Problem: Allowing users who have no rights to the Zope management interface to change their own passwords using a DTML method that collects at least the following from the user:

    Old Password
    New Password
    Confirm New Password

Creating a form to do this is easy if you're using XUF and you are storing account info in a Postgres database, for example (see pgAuthSource / pgAuthSourceAlt of exUserFolder).

When using stock acl_users I found it got a little ugly. I thought the below would work for checking that the user changing the password actually knew the old password and was not just someone walking up to someone else's computer at lunchtime:

    <dtml-if "_.SecurityGetUser().authenticate(REQUEST.form['oldPassword'], REQUEST)">

But last time I looked it didn't work without making a change to Zope's AccessControl/User.py.

Changing this:

    def __allow_access_to_unprotected_subobjects__(self, name, value=None):
        deny_names = ('name', '__', 'roles', 'domains', '_getPassword',
                      'authenticate', '_shared_roles')
        if name in deny_names:
            return 0
        return 1

To this:

    def __allow_access_to_unprotected_subobjects__(self, name, value=None):
        deny_names = ('name', '__', 'roles', 'domains', '_getPassword',
                      '_shared_roles')
        if name in deny_names:
            return 0
        return 1

Of course doing that potentially opens up a whole new can of worms...

Am I missing something? Is there a way to do a change-password form for users defined in acl_users that checks the old password first without also hacking User.py?

Adam
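The following is an added, stand-alone Python model of the situation in the post, not the poster's code and not Zope's own. It keeps the stock deny list quoted above unchanged (so restricted DTML still cannot call authenticate) and instead puts the old-password check in a trusted-side handler, the way an External Method would run in Zope, so that only the caller's own account can ever be tested. It does not import Zope: the User class, the salted-SHA-256 hashing scheme and the change_password function are assumptions made for the example.

```python
"""Change-password check that keeps ``authenticate`` off the restricted-code
surface.  Added example for this page; does not use Zope.  The guard mirrors
the deny_names check quoted in the post; everything else is assumed."""

import hashlib
import hmac
import os

# Stock deny list from the quoted AccessControl/User.py, left unchanged:
# restricted (through-the-web) code may not touch these attributes of a user.
DENY_NAMES = ('name', '__', 'roles', 'domains', '_getPassword',
              'authenticate', '_shared_roles')


def allow_access_to_unprotected_subobjects(name, value=None):
    """Same logic as the quoted method: 0 for denied names, 1 otherwise."""
    if name in DENY_NAMES:
        return 0
    return 1


class User:
    """Minimal stand-in for a Zope user that stores a salted hash.

    Assumption: SHA-256 over salt + password.  Zope's own User keeps its
    hash in an attribute literally named ``__`` (hence '__' in DENY_NAMES);
    here it is called _password to keep the example easy to read.
    """

    def __init__(self, name, password):
        self.name = name
        self._setPassword(password)

    def _hash(self, password):
        return hashlib.sha256(self._salt + password.encode('utf-8')).digest()

    def _setPassword(self, password):
        self._salt = os.urandom(16)
        self._password = self._hash(password)

    def _getPassword(self):
        return self._password

    def authenticate(self, password, request=None):
        # Constant-time comparison of stored hash vs. hash of the candidate.
        return hmac.compare_digest(self._getPassword(), self._hash(password))


def change_password(current_user, form, request=None):
    """Trusted-side handler (what an External Method would do in Zope).

    ``current_user`` is the already-authenticated caller, so the only
    account whose old password can be tested is the caller's own; this
    cannot be turned into a password-guessing oracle for other users.
    ``form`` is the submitted REQUEST.form-style dict.  Returns a short
    status string for the DTML form to display.
    """
    old = form.get('oldPassword', '')
    new = form.get('newPassword', '')
    confirm = form.get('confirmPassword', '')

    if not current_user.authenticate(old, request):
        return 'bad old password'
    if not new:
        return 'new password empty'
    if new != confirm:
        return 'passwords do not match'
    if new == old:
        return 'new password must differ from old'
    current_user._setPassword(new)
    return 'ok'


if __name__ == '__main__':
    # Constructed sample run.
    u = User('adam', 'lunchtime')
    print('restricted code may call authenticate:',
          allow_access_to_unprotected_subobjects('authenticate'))
    print(change_password(u, {'oldPassword': 'wrong',
                              'newPassword': 'n3w', 'confirmPassword': 'n3w'}))
    print(change_password(u, {'oldPassword': 'lunchtime',
                              'newPassword': 'n3w', 'confirmPassword': 'n3w'}))
    print('new password works:', u.authenticate('n3w'))
```

The point of the split is that the old-password check does not need authenticate to be reachable from DTML at all: the DTML method only collects the three fields and hands them, together with the current user, to trusted code. Removing 'authenticate' from deny_names, as in the post's patch, would instead let any through-the-web script probe passwords for any user object it can reach.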