Thanks to everybody who answered my question; I have gotten everything *almost* to the point I need. The problem, remember, was that I needed to be able to explicitly "log out" users of a Zope-powered site. The normal "basic" authentication mechanism does not allow for that - once the browser has its grip on your username and password, it doesn't let go until the browser restarts. (Which, with the 4.6 Netscape I just installed, is generally within about 15 minutes, but I digress...grumble...) The solution: get the unsupported UserDB product from http://www.zope.org/Download/Unsupported and install it. UserDB will authenticate users from an SQL database, which works well for my application. But, more to the point, it can be set up to use cookies for authentication purposes. Cookies can be reset from the server, thus allowing a "log out" capability. To allow users to log themselves out, simply give them a link to "acl_users/logout" and it happens. (NOT acl_users/docLogout, as suggested by one person - that looks like it works, but does not). The next thing to do is to add an expiration to the cookies, which I have not yet done. That deals with the "they forgot to log out" case - something that has been known to happen every year or so. Only one problem remains: I've not yet found a way to enable UserDB authentication in the top-level folder. Trying to set up UserDB there brings a complaint that acl_users already exists; Zope, however, will not let you delete acl_users from the top-level folder. That's an annoyance, but it can be worked around. I'm happy. Thanks again! jon Jonathan Corbet, Eklektix, Inc. corbet@eklektix.com