I think I found what I was looking for :-) "KCT and mod_KCT mod_KCT is an Apache web server module that acquires a Kerberos service ticket from the KCT on behalf of an SSL authenticated user. The web server can then act as a Kerberos client on the user's behalf. KCT runs on the same machine that runs the KDC. It accepts user certificates via SSL from mod_KCT and returns a Kerberos service ticket. It uses the OpenSSL toolkit." (source: http://www.citi.umich.edu/projects/kerb_pki/) I have just to try it out ;-) Daniel -- Retrovirology Laboratory Luxembourg Centre Hospitalier de Luxembourg 4, rue E. Barblé L-1210 Luxembourg phone: +352-44116105 fax: +352-44116113 web: http://www.retrovirology.lu e-mail: struck.d@xxxxxxxxxxxxxxxx