RE: [Zope] UserDb extensions
Hi Ross:
I've already sent a note to the DC guys about this, but they're all busy having fun at the Expo,
Not me... <sniff><sniff>... I'm stuck here answering phones :^)
so I thought I'd let the rest of you know, as well. I've been using the UserDb unsupported product, and like it. However, I've been bothered by seeing my users' cleartext passwords in the db, so I added crypt hashed storage to the UserDb product. This will allow the use of unix 'passwd' style passwords (also used by apache for .htpasswd files) in the database. It also gives a modicum of security if your db backend is on a different machine from the Zope install, so the passwords don't travel around in the clear in the SQL queries.
Absolutely, yeah! In fact, due to our recent and thorough exposure to LDAP I foresee a day, in the not-too-distant future, when all user folderish stuff will let you, depending on underlying support, hash passwords with nothing, crypt, MD5, or SHA as a config parameter of the user folder. --Rob
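The storage scheme discussed in this thread, sketched as an added example (not the UserDb product's code and not from the original messages): the password is hashed on the application side under a configurable scheme, so only the hash appears in SQL. The `UserTable` class, the `{MD5}`/`{SHA}` tags (LDAP userPassword style) and the SQLite backend are assumptions; crypt is left out because Python 3.13 removed the `crypt` module.

```python
import base64
import hashlib
import hmac
import sqlite3

# Hypothetical scheme table: config name -> (stored tag, hashlib algorithm).
# Tags follow the LDAP userPassword style; "none" is cleartext storage.
SCHEMES = {"none": ("", None), "md5": ("{MD5}", "md5"), "sha": ("{SHA}", "sha1")}


def encode_password(password, scheme):
    """Return the string stored in the password column for this scheme."""
    tag, algo = SCHEMES[scheme]
    if algo is None:
        return password  # cleartext, the behaviour the hashed storage replaces
    digest = hashlib.new(algo, password.encode("utf-8")).digest()
    return tag + base64.b64encode(digest).decode("ascii")


def check_password(stored, candidate):
    """Verify a candidate against a stored value, whichever scheme wrote it."""
    for name, (tag, algo) in SCHEMES.items():
        if algo is not None and stored.startswith(tag):
            expected = encode_password(candidate, name)
            return hmac.compare_digest(stored.encode(), expected.encode())
    # No known tag: legacy cleartext row, still compared in constant time.
    return hmac.compare_digest(stored.encode(), candidate.encode())


class UserTable:
    """Minimal user store; `scheme` plays the role of the config parameter."""

    def __init__(self, scheme="sha"):
        self.scheme = scheme
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
        self.statements = []  # every SQL statement sent to the backend
        self.db.set_trace_callback(self.statements.append)

    def add_user(self, name, password):
        stored = encode_password(password, self.scheme)
        self.db.execute("INSERT INTO users VALUES (?, ?)", (name, stored))

    def authenticate(self, name, password):
        # Look up by name only; the candidate password never enters the query.
        row = self.db.execute(
            "SELECT password FROM users WHERE name = ?", (name,)
        ).fetchone()
        return row is not None and check_password(row[0], password)
```

Unsalted MD5 and SHA-1 are fast hashes, so a deployment today would pick a salted, deliberately slow scheme for the same column.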
participants (1): Rob Page