What I would I would do is create a PerlTransHandler that is used as a gateway for authentication. You would probably have to use Apache::Session as well to track whether a user is 'new' or not. This is how it would work. A user would hit a link that requires authentication, which can be set at the apache conf level using 'PerlSetVar Auth 1' in a <DIRECTORY> directive, if they are not auth'd, rewrite the uri to take them to a login form. Existing users would be given the option to validate themselves. I am not sure exactly what you want to do with validated users, but chances are you will need some sort of cookie/session tracking. --eric