Whoa, seems like my problem was not very interesting... Anyway, I found a solution and hereby make it public. To get apache to log usernames, one has to invoke the apache's authentification machinery. I found out that one can plug perl-modules into apache for doing auth and that there's even a module which does exactly what one needs here, Apache::AuthAny, which always succeeds. package Apache::AuthAny; # file: Apache/AuthAny.pm use strict; use Apache::Constants qw(:common); sub handler { my $r = shift; my($res, $sent_pw) = $r->get_basic_auth_pw; return $res if $res != OK; my $user = $r->connection->user; unless($user and $sent_pw) { $r->note_basic_auth_failure; $r->log_reason("Both a username and password must be provided", $r->filename); return AUTH_REQUIRED; } return OK; } 1; __END__ The corresponding entry in http.conf is <Directory Proxy:*> PerlAuthenHandler Apache::AuthAny AuthType Basic AuthName "Auth_Realm" require valid-user </Directory> One just has to make sure that the realm is the same as in zope and everything goes fine. So on to the next, has anybody an idea what would be a good/easy way to link zope authentication to apache's? It might be interesting to use mod_python i.e. for extending zope's authentication to files/directories served by apache (one could have done the same as above with mod_python, it's just that I didn't want to install that for a five-liner). cheers, oliver