Is the unix socket system secure enough that maybe you could run some kind of authentication daemon (pammish type thingy) and have the login progs authenticate against it using unix sockets? Then the authentication daemon could spawn the login shell? It would be another way to keep login prog further from full root. Just a thought, Warren.