On Thu, 14 May 2009, Amos Jeffries wrote: > What can be done is to glean some details such as machine IP and do some > local not-quite-auth testing on it to see who is logged in and get their > username back (NP: not password). AD may be able to map IP to current > user. This has to be done in the background with an external_acl_type > helper. It's called out-of-band authorization. Are there any docs or howtos around on this? We use authentication one one subnet, but it's a bit of a pain. We're not really that concerned to require people to remember passwords, we just want to work out who the user is with a reasonable level of accuracy. Authenticated proxies seem to break various clients so if out-of-band might be an interesting alternative. Gavin