something like Apache::Digest::FixMSHak. MS decided that their version of digest security was better than the RFC. i should be doable to add a re-write module that hacks the MS hak back to stock values so that mod_digest works again. people i've spoken to so far don't know if there is anything other than simply truncating the uri to its path (leaving off the arguments) that's done by MS. if anyone knows how their process works, or is willing to help check it, please warn me. it'll be a big help in this thing done sooner. thanx. -- Steven Lembark 2930 W. Palmer St. Chicago, IL 60647 [EMAIL PROTECTED] 800-762-1582