OK sorry, my bad for not reading your original post closely enough.

One 'round the houses' approach would be to use IIS. Start by configuring IIS to disable anonymous access and enable 'Basic Authentication'. Then have your script access a CGI script using LWP and supplying a username/password, eg:

  my $ua = LWP::UserAgent->new()

  my $request = HTTP::Request->new(GET => $cgi_url);

  $request->authorization_basic($username, $password);

  my $response = $ua->request($request);
[download]

When the script pointed to by $cgi_url is run, IIS will have arranged for it to be running under the security context of user $username. Furthermore, the security token which results from this type of authentication would allow the CGI process to access files on remote shares - handy if you don't have IIS on the box where the high socre file lives. The URL you requested would presumably include a querystring containing any new data to be written to the file.

Of course the major drawback of this approach is that the username and password must be available in clear text to your script which means that one of your users could subvert the system if they had access to the source and were determined enough.

Thanks. Unfortunately, none of the machines in the network run IIS. The domain controller is SAMBA on linux and none of the XP workstations run IIS. There is no CGI involved. The program underconsideration is a conventional (non-cgi) app.

--traveler