in reply to Re: MySQL, PERL and web authentication
in thread MySQL, PERL and web authentication

Rather than use crypt(), I'd recommend thinking about MD5 style hashing for the password encryption. I ++ed this post because of the 'HTTPS' recommendation. In-the-clear passwords protect nothing from the dishonest; they just keep honest people honest.

--
$you = new YOU;
honk() if $you->love(perl)

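An added example, not code from the thread, of the hash-and-verify pattern the post above is recommending for a Perl/MySQL login: a per-user random salt, the digest stored next to it, and a constant-time comparison at login. It uses the core Digest::SHA module; Digest::MD5 exposes the same `md5_hex` style interface if you want the MD5 flavour the post mentions, though for passwords a deliberately slow hash (bcrypt, scrypt, Argon2) is the choice you would make today. /dev/urandom, the `users` table and the `$dbh` handle are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);   # core module; Digest::MD5's md5_hex has the same shape

# Random hex salt. Assumes a Unix /dev/urandom (an assumption of this
# example, not something the thread states).
sub make_salt {
    my $len = shift || 16;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read $fh, my $bytes, $len or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Stored form: "sha256$<salt>$<hex digest>". Keeping the salt with the digest
# means two users with the same password get different rows, and a stolen
# table cannot be attacked with one precomputed dictionary.
sub hash_password {
    my ($password, $salt) = @_;
    $salt = make_salt() unless defined $salt;
    my $digest = sha256_hex($salt . $password);
    return "sha256\$$salt\$$digest";
}

# Compare every byte regardless of where the first mismatch is, so response
# time does not leak how much of the digest matched.
sub eq_ct {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

sub verify_password {
    my ($password, $stored) = @_;
    my ($alg, $salt, $digest) = split /\$/, $stored, 3;
    return 0 unless defined $digest && $alg eq 'sha256';
    return eq_ct(sha256_hex($salt . $password), $digest);
}

# How this plugs into DBI with placeholders (never interpolate the login
# name into the SQL). Not executed here; $dbh is an assumed DBI handle.
#   $dbh->do('INSERT INTO users (login, pwhash) VALUES (?, ?)',
#            undef, $login, hash_password($pw));
#   my ($stored) = $dbh->selectrow_array(
#            'SELECT pwhash FROM users WHERE login = ?', undef, $login);
#   my $ok = defined $stored && verify_password($pw, $stored);

# Constructed demo input
my $stored = hash_password('correct horse');
print "stored:         $stored\n";
print "right password: ", (verify_password('correct horse', $stored) ? 'ok' : 'FAIL'), "\n";
print "wrong password: ", (verify_password('wrong', $stored) ? 'ACCEPTED?!' : 'rejected'), "\n";
```

Storing the algorithm name in front of the digest is what lets you migrate later: when a user logs in with a row that still says an old algorithm, verify with that, then rewrite the row with the new one.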
Re: Re: Re: MySQL, PERL and web authentication
by wardk (Deacon) on Jan 10, 2001 at 21:56 UTC

    I'll have to take a look at MD5 style hashing, thanks for the alternative.

    on the issue of clear transmissions... Due to issues that can only happen in large organizations, we are fighting a move to remove SSL from our single-login system to a straight http configuration... the reason? Users are getting fed up with accepting certificates, and being warned of a redirect (Netscape is the standard and this dialog cannot be "turned off") and complaining loudly. I wish I could say I was making this up for a Dilbert/UserFriendly strip, but I am not...they want to remove the security from the security system.

    Next they'll remove the door security because people are growing tired of having to swipe their badges through...arghhhh

    If someone wants to write a Perl module that thwarts stupidity, I'll beta test!

      My organization is in the process of implementing single sign-on for web based applications using an authentication server with cookies. We haven't yet run into these problems.

      Are your certificates issued by a well-known CA, such as Verisign? Which versions of Netscape encounter the redirect warning?

        We do use cookies post-login with a single authentication application. The login app is something other apps just "plug-in", due to its design (I wasn't there then, and am just getting my feet wet with it now) it authenticates then redirects to the appropriate system they were logging into (many of which are not https).

        This SSL-hosted redirect causes Netscape to put up a dialog, but has no "check here to not ask again" so the user can avoid getting it next login.

        On the certificate, the users are only being asked once a year (or if their machines are re-genned, new computer, etc). Apparently that is just too often...go figure.