On Tue, Sep 28, 1999 at 11:45:42AM -0400, John Lyon wrote: >They are encrypted and you can't access them. If you need to know them the >user will have to tell you. I don't think it's a good idea to give a false sense of security. The passwords are stored in plaintext in binary file(s), and are logged in plaintext as well. We keep reminding our users not to use the same password for Listserv that they use for any computer account, but of course they do. I regularly mine the Listserv log for passwords; I add these to the dictionary that our UNIX password change command consults for bad passwords and that we use when we run Crack. Which brings up yet another feature request: any plans to add hooks for single sign-on authentication to Listserv? Tim Ramsey / Sr. Systems Admin [log in to unmask] (work) Enterprise Server Technologies [log in to unmask] (personal) Computing and Network Services (785) 532-3742 (office) Kansas State University