All, LoginManager is now working well... We've got a bespoke application for storing our (very large) user account database here. One field a user can have is a crypted unix password (which I'm currently using to authenticate users). The other thing that can exist is the Subject or SubjectAltName of an SSL certificate suitable for client web authentication. I'd like some users (who are *not* technically strong) to have access to the web frontend without having to type a password - they have had a visit from a member of staff to install a client certificate, and just "point and go". How would I go about making LoginManager authenticate them on the basis of the certificate subject? Apache will validate the certificate for me (by passing a valid CA cert to it's configuration) and I'm running over PCGI, so by the time we get into Zope, we can "TRUST" the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values passed in. What's the next step? Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+