I am going to use Zope to form an intranet for a TV station. The situation is, that all users (using Windows 2000 workstation and Internet Explorer 5.5) are logging on to an Active Directory Server. The intranet is to be implemented with Zope running behind IIS 5.0 (or the newer one if it can solve the problem). IIS and IE has a special function: If the directory security is set to ONLY "NT Challenge/response" AND the intranet URL is set in IE to the security level "Local Intranet", the user need not make a separate authentication to enter the intranet. Instead IE sends to IIS the user details previously entered when loggin onto the Active Directory Server. IIS then validates the user against the same AD (and also checks with user permissions on the directory/website). If the user is authenticated and have permissions to execute scripts, the script in question is called with an extra server variable called "LOGON_USER". This work with both ASP and eg. PHP. I would like this to work with Zope as well, so that Zope does not display an authentication dialog box. I see two ways to do this, however I do not know if it would work, or even how: 1) Zope is run behind IIS with PCGI. All users with access to the intranet must be added to the permissions for the intranet's root rolder. Zope user folders are made with the special LDAPUserFolder 2) Zope is run as a standalone server. Zope must simulate IIS's challenge/response system. Zope user folders are made with the special LDAPUserFolder Have anyone tried this before? I'm still at the level of getting PCGI to work properly. ;-) Any help is much appreciated. - Carsten