I figured out why the realm wasn't being set. It turns out that if you raise an 'Unauthorized' exception in your custom validation method, it skips the code that adds the realm to the http header info in cgi_module_publisher (bobo) or ZPublisher.Publish (zope). The solution was to change the 'raise "Unauthorized"' to 'return None'. I originally used the Unauthorized exception as it seemed a way to shortcut bobo from looking up the containment hierarchy for other user databases. Just thought I'd pass the solution along to complete the thread. :) --- John Eikenberry [jae@taos.kavi.com - http://taos.kavi.com/~jae/] ______________________________________________________________ "A society that will trade a little liberty for a little order will deserve neither and lose both." --B. Franklin