Help please! I'm building a comprehensive education resource based on Zope for my school, and I'm trying to learn Zope internals. We are running Apache 2.0.43 with mod-Perl 5.8.0 and Zope 2.5.1, currently on the same machine. Apache serves some content and uses virtual host and proxy for content in Zope with a VirtualHostMonster. Authentication of protected resources works like this: when a request for a protected resource is received, Apache calls a Perl script to check a special cookie from the user's browser. The cookie has the user name and a hash of several values. If the cookie is absent or invalid, the user is directed to a secure campus server which asks for the user name and password, authenticates it against a Kerberos system, places the cookie and redirects the user back to our site. At that point the Perl script finds a valid cookie and allows access. All of this works perfectly! I can get the cookie in the REQUEST object in Zope. I can populate Zope with users. I would like to use Zope's built in role mechanism for permissions. How can I make Zope get the user name from the cookie instead of from the user's browser? I am happy to subclass existing Python code to make this happen. I assume that Zope sends a WWW-Authenticate response header to the user's browser, but I have not yet been able to find the class that does this, and I have not found this question asked before on the lists. Any knowledge or advice is greatly appreciated. Thanks in advance, Tom Engel