> If we did not need to hack /bin/login to manage the credentials > cache could we always use the default os /bin/login? There's still one important hurdle -- using some OS means to restrict access to the ccache. As far as I can see at the moment, for a Joe Unix system that means UID-based access or inheritance of a file descriptor. Somewhere between telnetd and the shell, some process is going to have to set up that protection. The /bin/login won't leave a miscellaneous fd open, so are you ready to teach telnetd about uids? Peek at its descendent's uid through procfs??? Brrr. Matt