I believe there is a bug in handle_request in AuthGeneric.pm : if (defined $self->{RejectEmptyPassword} && $p->decodedPassword() eq '') { $self->log($main::LOG_DEBUG, "$type rejected $user_name because of a n empty password"); return ($main::REJECT, 'Empty password'); } The function decodedPassword will return '' in the case of a CHAP-Password attribute. This is particularly true when using AuthLDAP2 because in its initialization it forces the value of RejectEmptyPassword to 1. My current workaround is to comment $self->{RejectEmptyPassword} = 1 out in AuthLDAP2.pm, but I'm sure that the real solution should be in the AuthGeneric.pm test. -- Christophe Wolfhugel -+- [EMAIL PROTECTED] -+- France Telecom Oleane === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.