passing HTTP basic auth info
I've established a user folder on my Zope installation which mirrors the usernames and associated passwords of an NT domain (using smbUserFolder). When a user wishes to enter the Zope site, they enter their NT username and password.

In-house we also have an Exchange server that has Outlook Web Access installed on it. Currently, I have a link set up on one of our Zope pages that dumps the user off into a logon screen for OWA... the user must then enter his username and password (the same username and password -- again -- it's against the same NT domain) in order to retrieve his mail.

I know it's probably possible to use the RESPONSE function within Zope to insert the username into the HTTP header when he clicks on the link that takes him to OWA. But I don't see any documentation regarding the user's password. I know that it's generally considered a security misfeature to cache cleartext passwords in memory or on disk, but since the password is just base64'ed when it gets to Zope, Zope should already know it (assuming it keeps it around somewhere). And this would mean that I could pass the password to OWA using a RESPONSE as well. And since I could do this, it would mean that I could save the user from having to enter his or her password again when they click on a link to another HTTP-basic-auth protected site which authenticates against the same user store, but which is not in the same "Realm". A nicety that users have come to expect.

Most CGI implementations won't let you do this. MS Active Server Pages, however, allow you free use of the authenticated user's password. I'm wondering if Zope has such a (mis?)feature.

Alternately, if anyone has any experience or ideas about how to do such a thing, please let me know.

Thanks!

Chris
participants (1): Chris McDonough
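The post's point that a Basic-auth password reaches the server merely base64-encoded, shown as an added example that is not part of the original message: any server receiving the `Authorization` header can recover the cleartext pair, so relaying it elsewhere needs a deliberate policy. The function names, the host `owa.example.internal` and the relay policy (HTTPS only, allow-listed hosts) are assumptions for illustration, not Zope or OWA APIs.

```python
import base64
import binascii
from typing import Optional, Set, Tuple
from urllib.parse import urlparse


def parse_basic_auth(header_value: str) -> Optional[Tuple[str, str]]:
    """Recover (username, password) from an Authorization header value.

    Returns None for other schemes or malformed input.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # older clients send ISO-8859-1
    # Only the first colon separates the fields; passwords may contain ':'.
    username, sep, password = text.partition(":")
    return (username, password) if sep else None


def build_basic_auth(username: str, password: str) -> str:
    """Build the header value a client sends; base64 is encoding, not encryption."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    pair = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def may_relay(target_url: str, trusted_hosts: Set[str]) -> bool:
    """Assumed policy: relay credentials only over HTTPS to allow-listed hosts."""
    parts = urlparse(target_url)
    return parts.scheme == "https" and (parts.hostname or "") in trusted_hosts


if __name__ == "__main__":
    # Constructed sample header using the well-known RFC example credentials.
    header = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
    print(parse_basic_auth(header))
    # Constructed target: plain HTTP is refused even for an allow-listed host.
    print(may_relay("http://owa.example.internal/exchange/", {"owa.example.internal"}))
```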