Ben, > No they aren't sent clear text. IIRC, the client machine asks for the > encrypted password from the server, if the client is allowed to get it > the server sends it, Great. Then I only need to enforce 'secure' passwords. Thanks a lot for your help. -- p.